diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index eb7c574..07d5f11 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,7 @@ variables: BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux" BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ INSTALL_PREFIX: "/home/mesasoft/sapp_run/" - INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel + INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel stages: - analysis @@ -101,7 +101,6 @@ run_test_for_centos7: - yum makecache - ./ci/travis.sh - cd build - - make test - ctest --verbose run_test_for_centos8: @@ -111,7 +110,6 @@ run_test_for_centos8: - yum makecache - ./ci/travis.sh - cd build - - make test - ctest --verbose branch_build_debug_for_centos7: diff --git a/bin/maat.conf b/bin/maat.conf index f72b2a9..03d35b3 100644 --- a/bin/maat.conf +++ b/bin/maat.conf @@ -1,8 +1,8 @@ [STATIC] -MAAT_MODE=1 +MAAT_MODE=json STAT_SWITCH=1 PERF_SWITCH=1 -TABLE_INFO=tsgconf/tsg_static_tableinfo.conf +TABLE_INFO=tsgconf/tsg_static_tableinfo.json STAT_FILE=tsg_static_maat.status EFFECT_INTERVAL_S=1 REDIS_IP=127.0.0.1 @@ -13,22 +13,7 @@ JSON_CFG_FILE=tsgconf/tsg_maat.json INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json - -[DYNAMIC] -MAAT_MODE=1 -STAT_SWITCH=1 -PERF_SWITCH=1 -TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf -STAT_FILE=tsg_dynamic_maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP=127.0.0.1 -REDIS_PORT_NUM=1 -REDIS_PORT=7002 -REDIS_INDEX=1 -JSON_CFG_FILE=tsgconf/tsg_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json +LOG_LEVEL=0 [APP_SIGNATURE_MAAT] MAAT_MODE=1 diff --git a/bin/main.conf b/bin/main.conf index e8d8884..153b716 100644 --- a/bin/main.conf +++ b/bin/main.conf @@ -1,10 +1,7 @@ [MAAT] -PROFILE="./tsgconf/maat.conf" -IP_ADDR_TABLE="TSG_SECURITY_ADDR" -SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID" -CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP" LOG_LEVEL=10 LOG_PATH="./tsglog/maat/maat.log" +PROFILE="./tsgconf/maat.conf" [TSG_LOG] MODE=1 @@ -15,6 +12,11 @@ SASL_USERNAME="admin" SASL_PASSWD="galaxy2019" BROKER_LIST="127.0.0.1:9092" COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf" +SEND_USER_REGION=0 +SEND_DATA_CENTER_SWITCH=0 +SEND_APP_ID_SWITCH=1 +SEND_NAT_LINKINFO_SWITCH=0 +RAPIDJSON_CHUNK_CAPACITY=8192 [STATISTIC] CYCLE=30 @@ -42,6 +44,8 @@ POLICY_PRIORITY_LABEL="POLICY_PRIORITY" L7_RPTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf" DEVICE_SN_FILENAME="/opt/tsg/etc/tsg_sn.json" DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'" +SERVICE_CHAINING_SID=1004 +SHAPING_SID=1005 [TRAFFIC_MIRROR] TRAFFIC_MIRROR_ENABLE=1 @@ -55,4 +59,4 @@ SEED1=65535 SEED2=13 FLAGS=20 DIR=3 -REMEDY=0 \ No newline at end of file +REMEDY=0 diff --git a/bin/table_info_security.json b/bin/table_info_security.json new file mode 100644 index 0000000..0158213 --- /dev/null +++ b/bin/table_info_security.json @@ -0,0 +1,632 @@ +[ + { + "table_id":0, + "table_name":"TSG_SECURITY_COMPILE", + "table_type":"compile", + "user_region_encoded":"escape", + "valid_column":8, + "custom": { + "compile_id":1, + "service_id":2, + "action":3, + "do_blacklist":4, + "do_log":5, + "tags":6, + "user_region":7, + "clause_num":9, + "evaluation_order":10 + } + }, + { + "table_id":1, + "table_name":"TRAFFIC_SHAPING_COMPILE", + "table_type":"compile", + "user_region_encoded":"escape", + "valid_column":8, + "custom": { + "compile_id":1, + "service_id":2, + "action":3, + "do_blacklist":4, + "do_log":5, + "tags":6, + "user_region":7, + "clause_num":9, + "evaluation_order":10 + } + }, + { + "table_id":2, + "table_name":"GROUP_COMPILE_RELATION", + "table_type":"group2compile", + "associated_compile_table_id":0, + "valid_column":3, + "custom": { + "group_id":1, + "compile_id":2, + "not_flag":4, + "virtual_table_name":5, + "clause_index":6 + } + }, + { + "table_id":3, + "table_name":"GROUP_GROUP_RELATION", + "table_type":"group2group", + "valid_column":3, + "custom": { + "group_id":1, + "super_group_id":2 + } + }, + { + "table_id":4, + "table_name":"TSG_OBJ_IP_ADDR", + "table_type":"ip_plus", + "valid_column":18, + "custom": { + "item_id":1, + "group_id":2, + "addr_type":3, + "saddr_format":4, + "sip1":5, + "sip2":6 + } + }, + { + "table_id":64, + "table_name":"TSG_OBJ_IP_LEARNING_ADDR", + "table_type":"ip_plus", + "valid_column":18, + "custom": { + "item_id":1, + "group_id":2, + "addr_type":3, + "saddr_format":4, + "sip1":5, + "sip2":6 + } + }, + { + "table_id":5, + "table_name":"TSG_OBJ_SUBSCRIBER_ID", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":6, + "table_name":"TSG_OBJ_ACCOUNT", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":7, + "table_name":"TSG_OBJ_URL", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":8, + "table_name":"TSG_OBJ_FQDN", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":9, + "table_name":"TSG_OBJ_FQDN_CAT", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":10, + "table_name":"TSG_OBJ_KEYWORDS", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":11, + "table_name":"TSG_OBJ_APP_ID", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":12, + "table_name":"TSG_OBJ_HTTP_SIGNATURE", + "table_type":"expr_plus", + "valid_column":8, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "district":3, + "keywords":4, + "expr_type":5, + "match_method":6, + "is_hexbin":7 + } + }, + { + "table_id":13, + "table_name":"TSG_FIELD_HTTP_HOST", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":14, + "table_name":"TSG_FIELD_HTTP_URL", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_URL"] + }, + { + "table_id":15, + "table_name":"TSG_FIELD_HTTP_REQ_HDR", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_HTTP_SIGNATURE"] + }, + { + "table_id":16, + "table_name":"TSG_FIELD_HTTP_RES_HDR", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_HTTP_SIGNATURE"] + }, + { + "table_id":17, + "table_name":"TSG_FIELD_HTTP_REQ_BODY", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":18, + "table_name":"TSG_FIELD_HTTP_RES_BODY", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":19, + "table_name":"TSG_FIELD_SSL_SNI", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":20, + "table_name":"TSG_FIELD_SSL_CN", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":21, + "table_name":"TSG_FIELD_SSL_SAN", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":22, + "table_name":"TSG_FIELD_DNS_QNAME", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":23, + "table_name":"TSG_FIELD_QUIC_SNI", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":24, + "table_name":"TSG_FIELD_MAIL_ACCOUNT", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_ACCOUNT"] + }, + { + "table_id":25, + "table_name":"TSG_FIELD_MAIL_FROM", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_ACCOUNT"] + }, + { + "table_id":26, + "table_name":"TSG_FIELD_MAIL_TO", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_ACCOUNT"] + }, + { + "table_id":27, + "table_name":"TSG_FIELD_MAIL_SUBJECT", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":28, + "table_name":"TSG_FIELD_MAIL_CONTENT", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":29, + "table_name":"TSG_FIELD_MAIL_ATT_NAME", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":30, + "table_name":"TSG_FIELD_MAIL_ATT_CONTENT", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":31, + "table_name":"TSG_FIELD_FTP_URI", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_URL"] + }, + { + "table_id":32, + "table_name":"TSG_FIELD_FTP_CONTENT", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_KEYWORDS"] + }, + { + "table_id":33, + "table_name":"TSG_FIELD_FTP_ACCOUNT", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_ACCOUNT"] + }, + { + "table_id":34, + "table_name":"TSG_SECURITY_SOURCE_ADDR", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_IP_ADDR"] + }, + { + "table_id":35, + "table_name":"TSG_SECURITY_DESTINATION_ADDR", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_IP_ADDR"] + }, + { + "table_id":36, + "table_name":"TSG_IP_ASN_BUILT_IN", + "table_type":"ip_plugin", + "valid_column":19, + "custom": { + "item_id":1, + "ip_type":3, + "start_ip":4, + "end_ip":5, + "addr_format":7 + } + }, + { + "table_id":37, + "table_name":"TSG_IP_ASN_USER_DEFINED", + "table_type":"ip_plugin", + "valid_column":19, + "custom": { + "item_id":1, + "ip_type":3, + "start_ip":4, + "end_ip":5, + "addr_format":7 + } + }, + { + "table_id":38, + "table_name":"TSG_IP_LOCATION_BUILT_IN", + "table_type":"ip_plugin", + "valid_column":19, + "custom": { + "item_id":1, + "ip_type":3, + "start_ip":4, + "end_ip":5, + "addr_format":7 + } + }, + { + "table_id":39, + "table_name":"TSG_IP_LOCATION_USER_DEFINED", + "table_type":"ip_plugin", + "valid_column":19, + "custom": { + "item_id":1, + "ip_type":3, + "start_ip":4, + "end_ip":5, + "addr_format":7 + } + }, + { + "table_id":40, + "table_name":"TSG_OBJ_AS_NUMBER", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":41, + "table_name":"TSG_SECURITY_SOURCE_ASN", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_AS_NUMBER"] + }, + { + "table_id":42, + "table_name":"TSG_SECURITY_DESTINATION_ASN", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_AS_NUMBER"] + }, + { + "table_id":43, + "table_name":"TSG_OBJ_GEO_LOCATION", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":44, + "table_name":"TSG_SECURITY_SOURCE_LOCATION", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_GEO_LOCATION"] + }, + { + "table_id":45, + "table_name":"TSG_SECURITY_DESTINATION_LOCATION", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_GEO_LOCATION"] + }, + { + "table_id":46, + "table_name":"TSG_FQDN_CATEGORY_BUILT_IN", + "table_type":"fqdn_plugin", + "valid_column":5, + "custom": { + "item_id":1, + "suffix_match_method":4, + "fqdn":3 + } + }, + { + "table_id":47, + "table_name":"TSG_FQDN_CATEGORY_USER_DEFINED", + "table_type":"fqdn_plugin", + "valid_column":5, + "custom": { + "item_id":1, + "suffix_match_method":4, + "fqdn":3 + } + }, + { + "table_id":48, + "table_name":"TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_ACCOUNT"] + }, + { + "table_id":49, + "table_name":"TSG_FIELD_SIP_RESPONDER_DESCRIPTION", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_ACCOUNT"] + }, + { + "table_id":50, + "table_name":"TSG_OBJ_IMSI", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":51, + "table_name":"TSG_OBJ_PHONE_NUMBER", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":52, + "table_name":"TSG_OBJ_APN", + "table_type":"expr", + "valid_column":7, + "custom": { + "scan_mode":"block", + "pattern_type":"literal", + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":53, + "table_name":"TSG_FILED_GTP_IMSI", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_IMSI"] + }, + { + "table_id":54, + "table_name":"TSG_FILED_GTP_PHONE_NUMBER", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_PHONE_NUMBER"] + }, + { + "table_id":55, + "table_name":"TSG_FILED_GTP_APN", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_APN"] + }, + { + "table_id":56, + "table_name":"TSG_DECYPTION_EXCLUSION_SSL_SNI", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] + }, + { + "table_id":57, + "table_name":"TSG_OBJ_TUNNEL_ID", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":58, + "table_name":"TSG_TUNNEL_CATALOG", + "table_type":"bool_plugin", + "valid_column":5, + "custom": { + "item_id":1, + "bool_expr":4 + } + }, + { + "table_id":59, + "table_name":"TSG_TUNNEL_ENDPOINT", + "table_type":"ip_plugin", + "valid_column":6, + "custom": { + "item_id":1, + "ip_type":2, + "start_ip":3, + "end_ip":4, + "addr_format":7 + } + }, + { + "table_id":60, + "table_name":"TSG_TUNNEL_LABEL", + "table_type":"plugin", + "valid_column":4, + "custom": { + "key":1, + "tag":3 + } + }, + { + "table_id":61, + "table_name":"TSG_SECURITY_TUNNEL", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_TUNNEL_ID"] + }, + { + "table_id":62, + "table_name":"TSG_OBJ_FLAG", + "table_type":"flag", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "flag":3, + "flag_mask":4 + } + }, + { + "table_id":63, + "table_name":"TSG_SECURITY_FLAG", + "table_type":"virtual", + "physical_table": ["TSG_OBJ_FLAG"] + } +] \ No newline at end of file diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf index 5e3e475..5253d68 100644 --- a/bin/tsg_log_field.conf +++ b/bin/tsg_log_field.conf @@ -1,13 +1,13 @@ #TYPE:1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET #TYPE TOPIC SERVICE TOPIC SECURITY-EVENT 0 -TOPIC SESSION-RECORD 2 -TOPIC INTERNAL-RTP-RECORD 4 -TOPIC VOIP-RECORD 5 -TOPIC INTERIM-SESSION-RECORD 6 -TOPIC TRANSACTION-RECORD 7 -TOPIC GTPC-RECORD 8 -TOPIC BGP-RECORD 9 +TOPIC SESSION-RECORD 1 +TOPIC INTERNAL-RTP-RECORD 2 +TOPIC VOIP-RECORD 3 +TOPIC INTERIM-SESSION-RECORD 4 +TOPIC TRANSACTION-RECORD 5 +TOPIC GTPC-RECORD 6 +TOPIC BGP-RECORD 7 #TYPE FIELD VALUE LONG common_policy_id 1 diff --git a/bin/tsg_maat.json b/bin/tsg_maat.json index 1d2db87..e5c5f92 100644 --- a/bin/tsg_maat.json +++ b/bin/tsg_maat.json @@ -9,7 +9,7 @@ "action": 1, "do_blacklist": 0, "do_log": 1, - "effective_rage": 0, + "tags": "{}", "user_region": "Virtual", "is_valid": "yes", "groups": [ @@ -23,14 +23,13 @@ "table_name": "TSG_OBJ_IP_ADDR", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "192.168.41.228", - "src_ip2": "192.168.41.228", - "sport_format": "range", - "src_port1": "0", - "src_port2": "0", - "protocol": 6, - "direction": "double" + "addr_format": "range", + "ip1": "192.168.41.228", + "ip2": "192.168.41.228", + "port_format": "range", + "port1": "0", + "port2": "0", + "protocol": -1 } } ] diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index 0cdf375..c5d3380 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -94,6 +94,6 @@ 78 TSG_TUNNEL_LABEL plugin {"key":2,"valid":3} -- 79 TSG_SECURITY_TUNNEL virtual TSG_OBJ_TUNNEL_ID -- 80 TSG_OBJ_FLAG flag -- -81 TSG_SECURITY_FLAG virtual TSG_OBJ_FLAG -- +81 TSG_SECURITY_FLAG virtual TSG_OBJ_FLAG -- 82 TRAFFIC_SHAPING_PROFILE plugin {"key":1,"valid":7} 83 T_VSYS_INFO plugin {"key":1,"valid":3} diff --git a/bin/tsg_static_tableinfo.json b/bin/tsg_static_tableinfo.json new file mode 100644 index 0000000..b4873d0 --- /dev/null +++ b/bin/tsg_static_tableinfo.json @@ -0,0 +1,826 @@ +[ + { + "table_id": 0, + "table_name": "TSG_COMPILE", + "db_tables":["TSG_SECURITY_COMPILE", "TRAFFIC_SHAPING_COMPILE", "SERVICE_CHAINING_COMPILE", "PXY_TCP_OPTION_COMPILE", "APP_SELECTOR_COMPILE"], + "table_type": "compile", + "user_region_encoded": "escape", + "valid_column": 8, + "custom": { + "compile_id": 1, + "service_id": 2, + "action": 3, + "do_blacklist": 4, + "do_log": 5, + "tags": 6, + "user_region": 7, + "clause_num": 9, + "evaluation_order":10 + } + }, + { + "table_id": 1, + "table_name": "TSG_GROUP_COMPILE_RELATION", + "db_tables":["GROUP_SECURITY_COMPILE_RELATION", "GROUP_SHAPING_COMPILE_RELATION", "GROUP_SERVICE_CHAINING_COMPILE_RELATION", "GROUP_PXY_TCP_OPTION_COMPILE_RELATION", "APP_SELECTOR_GROUP_COMPILE_RELATION"], + "table_type": "group2compile", + "associated_compile_table_id": 0, + "valid_column": 3, + "custom": { + "group_id": 1, + "compile_id": 2, + "not_flag": 4, + "virtual_table_name": 5, + "clause_index": 6 + } + }, + { + "table_id": 2, + "table_name": "TSG_GROUP_GROUP_RELATION", + "db_tables": ["GROUP_GROUP_RELATION", "APP_SELECTOR_GROUP_GROUP_RELATION"], + "table_type": "group2group", + "valid_column": 3, + "custom": { + "group_id": 1, + "super_group_id": 2 + } + }, + { + "table_id": 3, + "table_name": "TSG_IP_ADDR", + "db_tables": ["TSG_OBJ_IP_ADDR", "TSG_OBJ_IP_LEARNING_ADDR"], + "table_type": "ip_plus", + "valid_column": 11, + "custom": { + "item_id":1, + "group_id":2, + "addr_type":3, + "addr_format":4, + "ip1":5, + "ip2":6, + "port_format":7, + "port1":8, + "port2":9, + "protocol":10 + } + }, + { + "table_id": 4, + "table_name": "TSG_OBJ_SUBSCRIBER_ID", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 5, + "table_name": "TSG_OBJ_ACCOUNT", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 5, + "table_name": "TSG_OBJ_URL", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 7, + "table_name": "TSG_OBJ_FQDN", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 8, + "table_name": "TSG_OBJ_FQDN_CAT", + "table_type": "intval", + "valid_column": 5, + "custom": { + "item_id": 1, + "group_id": 2, + "low_bound": 3, + "up_bound": 4 + } + }, + { + "table_id": 9, + "table_name": "TSG_OBJ_KEYWORDS", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 10, + "table_name": "TSG_OBJ_APP_ID", + "table_type": "intval", + "valid_column": 5, + "custom": { + "item_id": 1, + "group_id": 2, + "low_bound": 3, + "up_bound": 4 + } + }, + { + "table_id": 11, + "table_name": "TSG_OBJ_HTTP_SIGNATURE", + "table_type": "expr_plus", + "valid_column": 8, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "district": 3, + "keywords": 4, + "expr_type": 5, + "match_method": 6, + "is_hexbin": 7 + } + }, + { + "table_id": 12, + "table_name": "TSG_OBJ_FQDN_CAT", + "table_type": "intval", + "valid_column": 5, + "custom": { + "item_id": 1, + "group_id": 2, + "low_bound": 3, + "up_bound": 4 + } + }, + { + "table_id": 13, + "table_name": "TSG_FIELD_HTTP_HOST", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 14, + "table_name": "TSG_FIELD_HTTP_HOST_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 15, + "table_name": "TSG_FIELD_HTTP_URL", + "table_type": "virtual", + "physical_table": "TSG_OBJ_URL" + }, + { + "table_id": 16, + "table_name": "TSG_FIELD_HTTP_REQ_HDR", + "table_type": "virtual", + "physical_table": "TSG_OBJ_HTTP_SIGNATURE" + }, + { + "table_id": 17, + "table_name": "TSG_FIELD_HTTP_RES_HDR", + "table_type": "virtual", + "physical_table": "TSG_OBJ_HTTP_SIGNATURE" + }, + { + "table_id": 18, + "table_name": "TSG_FIELD_HTTP_REQ_BODY", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 19, + "table_name": "TSG_FIELD_HTTP_RES_BODY", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 20, + "table_name": "TSG_FIELD_SSL_SNI", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 21, + "table_name": "TSG_FIELD_SSL_SNI_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 22, + "table_name": "TSG_FIELD_SSL_CN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 23, + "table_name": "TSG_FIELD_SSL_CN_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 24, + "table_name": "TSG_FIELD_SSL_SAN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 25, + "table_name": "TSG_FIELD_SSL_SAN_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 26, + "table_name": "TSG_FIELD_DNS_QNAME", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 27, + "table_name": "TSG_FIELD_DNS_QNAME_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 28, + "table_name": "TSG_FIELD_QUIC_SNI", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 29, + "table_name": "TSG_FIELD_QUIC_SNI_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 30, + "table_name": "TSG_FIELD_MAIL_ACCOUNT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_ACCOUNT" + }, + { + "table_id": 31, + "table_name": "TSG_FIELD_MAIL_FROM", + "table_type": "virtual", + "physical_table": "TSG_OBJ_ACCOUNT" + }, + { + "table_id": 32, + "table_name": "TSG_FIELD_MAIL_TO", + "table_type": "virtual", + "physical_table": "TSG_OBJ_ACCOUNT" + }, + { + "table_id": 33, + "table_name": "TSG_FIELD_MAIL_SUBJECT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 34, + "table_name": "TSG_FIELD_MAIL_CONTENT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 35, + "table_name": "TSG_FIELD_MAIL_ATT_NAME", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 36, + "table_name": "TSG_FIELD_MAIL_ATT_CONTENT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 37, + "table_name": "TSG_FIELD_FTP_URI", + "table_type": "virtual", + "physical_table": "TSG_OBJ_URL" + }, + { + "table_id": 38, + "table_name": "TSG_FIELD_FTP_CONTENT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_KEYWORDS" + }, + { + "table_id": 39, + "table_name": "TSG_FIELD_FTP_ACCOUNT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_ACCOUNT" + }, + { + "table_id": 40, + "table_name": "TSG_SECURITY_SOURCE_ADDR", + "table_type": "virtual", + "physical_table": "TSG_OBJ_IP_ADDR" + }, + { + "table_id": 41, + "table_name": "TSG_SECURITY_DESTINATION_ADDR", + "table_type": "virtual", + "physical_table": "TSG_OBJ_IP_ADDR" + }, + { + "table_id": 42, + "table_name": "TSG_IP_ASN_BUILT_IN", + "table_type": "ip_plugin", + "valid_column": 19, + "custom": { + "item_id": 1, + "key_type": "pointer", + "ip_type": 3, + "start_ip": 4, + "end_ip": 5, + "addr_format": 7 + } + }, + { + "table_id": 43, + "table_name": "TSG_IP_ASN_USER_DEFINED", + "table_type": "ip_plugin", + "valid_column": 19, + "custom": { + "item_id": 1, + "key_type": "pointer", + "ip_type": 3, + "start_ip": 4, + "end_ip": 5, + "addr_format": 7 + } + }, + { + "table_id": 44, + "table_name": "TSG_IP_LOCATION_BUILT_IN", + "table_type": "ip_plugin", + "valid_column": 19, + "custom": { + "item_id": 1, + "key_type": "pointer", + "ip_type": 3, + "start_ip": 4, + "end_ip": 5, + "addr_format": 7 + } + }, + { + "table_id": 45, + "table_name": "TSG_IP_LOCATION_USER_DEFINED", + "table_type": "ip_plugin", + "valid_column": 19, + "custom": { + "item_id": 1, + "key_type": "pointer", + "ip_type": 3, + "start_ip": 4, + "end_ip": 5, + "addr_format": 7 + } + }, + { + "table_id": 46, + "table_name": "TSG_OBJ_AS_NUMBER", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 47, + "table_name": "TSG_SECURITY_SOURCE_ASN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_AS_NUMBER" + }, + { + "table_id": 48, + "table_name": "TSG_SECURITY_DESTINATION_ASN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_AS_NUMBER" + }, + { + "table_id": 49, + "table_name": "TSG_OBJ_GEO_LOCATION", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 50, + "table_name": "TSG_SECURITY_SOURCE_LOCATION", + "table_type": "virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id": 51, + "table_name": "TSG_SECURITY_DESTINATION_LOCATION", + "table_type": "virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id": 52, + "table_name": "TSG_FQDN_CATEGORY_BUILT_IN", + "table_type": "fqdn_plugin", + "valid_column": 5, + "custom": { + "item_id": 1, + "key_type": "pointer", + "suffix_match_method": 4, + "fqdn": 3 + } + }, + { + "table_id": 53, + "table_name": "TSG_FQDN_CATEGORY_USER_DEFINED", + "table_type": "fqdn_plugin", + "valid_column": 5, + "custom": { + "item_id": 1, + "key_type": "pointer", + "suffix_match_method": 4, + "fqdn": 3 + } + }, + { + "table_id": 54, + "table_name": "TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION", + "table_type": "virtual", + "physical_table": "TSG_OBJ_ACCOUNT" + }, + { + "table_id": 55, + "table_name": "TSG_FIELD_SIP_RESPONDER_DESCRIPTION", + "table_type": "virtual", + "physical_table": "TSG_OBJ_ACCOUNT" + }, + { + "table_id": 56, + "table_name": "TSG_OBJ_IMSI", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 57, + "table_name": "TSG_OBJ_PHONE_NUMBER", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 58, + "table_name": "TSG_OBJ_APN", + "table_type": "expr", + "valid_column": 7, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "keywords": 3, + "expr_type": 4, + "match_method": 5, + "is_hexbin": 6 + } + }, + { + "table_id": 59, + "table_name": "TSG_FILED_GTP_IMSI", + "table_type": "virtual", + "physical_table": "TSG_OBJ_IMSI" + }, + { + "table_id": 60, + "table_name": "TSG_FILED_GTP_PHONE_NUMBER", + "table_type": "virtual", + "physical_table": "TSG_OBJ_PHONE_NUMBER" + }, + { + "table_id": 61, + "table_name": "TSG_FILED_GTP_APN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_APN" + }, + { + "table_id": 62, + "table_name": "TSG_DECYPTION_EXCLUSION_SSL_SNI", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 63, + "table_name": "TSG_OBJ_TUNNEL_ID", + "table_type": "intval", + "valid_column": 5, + "custom": { + "item_id": 1, + "group_id": 2, + "low_bound": 3, + "up_bound": 4 + } + }, + { + "table_id": 64, + "table_name": "TSG_TUNNEL_CATALOG", + "table_type": "bool_plugin", + "valid_column": 5, + "custom": { + "item_id": 1, + "key_type": "integer", + "bool_expr": 4 + } + }, + { + "table_id": 65, + "table_name": "TSG_TUNNEL_ENDPOINT", + "table_type": "ip_plugin", + "valid_column": 6, + "custom": { + "item_id": 1, + "key_type": "pointer", + "ip_type": 2, + "start_ip": 3, + "end_ip": 4, + "addr_format": 7 + } + }, + { + "table_id": 66, + "table_name": "TSG_TUNNEL_LABEL", + "table_type": "plugin", + "valid_column": 4, + "custom": { + "key": 1, + "key_type": "integer" + } + }, + { + "table_id": 67, + "table_name": "TSG_SECURITY_TUNNEL", + "table_type": "virtual", + "physical_table": "TSG_OBJ_TUNNEL_ID" + }, + { + "table_id": 68, + "table_name": "TSG_OBJ_FLAG", + "table_type": "flag", + "valid_column": 5, + "custom": { + "item_id": 1, + "group_id": 2, + "flag": 3, + "flag_mask": 4 + } + }, + { + "table_id": 69, + "table_name": "TSG_SECURITY_FLAG", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FLAG" + }, + { + "table_id": 70, + "table_name": "APP_SELECTOR_ID", + "table_type": "intval", + "valid_column": 5, + "custom": { + "item_id": 1, + "group_id": 2, + "low_bound": 3, + "up_bound": 4 + } + }, + { + "table_id": 71, + "table_name": "APP_SELECTOR_PROPERTIES", + "table_type": "expr_plus", + "valid_column": 8, + "custom": { + "scan_mode": "block", + "pattern_type": "literal", + "item_id": 1, + "group_id": 2, + "district": 3, + "keywords": 4, + "expr_type": 5, + "match_method": 6, + "is_hexbin": 7 + } + }, + { + "table_id": 72, + "table_name": "APP_ID_DICT", + "table_type": "plugin", + "valid_column": 18, + "custom": { + "key": 1, + "key_type": "integer" + } + }, + { + "table_id": 73, + "table_name": "APP_SIGNATURE_UPDATE_PROFILE", + "table_type": "plugin", + "valid_column": 5, + "custom": { + "key": 1, + "key_type": "integer", + "foreign": [ + 2, + 3 + ] + } + }, + { + "table_id": 74, + "table_name": "PXY_TCP_OPTION_SOURCE_ADDR", + "table_type": "virtual", + "physical_table": "TSG_OBJ_IP_ADDR" + }, + { + "table_id": 75, + "table_name": "PXY_TCP_OPTION_DESTINATION_ADDR", + "table_type": "virtual", + "physical_table": "TSG_OBJ_IP_ADDR" + }, + { + "table_id": 76, + "table_name": "PXY_TCP_OPTION_SERVER_FQDN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 77, + "table_name": "PXY_TCP_OPTION_SERVER_FQDN", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + }, + { + "table_id": 78, + "table_name": "TRAFFIC_SHAPING_PROFILE", + "table_type": "plugin", + "valid_column": 7, + "custom": { + "key": 1, + "key_type": "integer" + } + }, + { + "table_id": 79, + "table_name": "TSG_DYN_MOBILE_IDENTITY_APN_TEID", + "table_type": "plugin", + "valid_column": 7, + "custom": { + "key": 2, + "key_type": "integer" + } + }, + { + "table_id": 80, + "table_name": "TSG_DYN_SUBSCRIBER_IP", + "table_type": "plugin", + "valid_column": 5, + "custom": { + "key": 3, + "key_type": "pointer" + } + }, + { + "table_id": 81, + "table_name": "TSG_PROFILE_DNS_RECORDS", + "table_type": "plugin", + "valid_column": 5, + "custom": { + "key": 1, + "key_type": "integer" + } + }, + { + "table_id": 82, + "table_name": "TSG_PROFILE_RESPONSE_PAGES", + "table_type": "plugin", + "valid_column": 5, + "custom": { + "key": 1, + "key_type": "integer", + "foreign": [ + 4 + ] + } + }, + { + "table_id": 83, + "table_name": "TSG_PROFILE_TRAFFIC_MIRROR", + "table_type": "plugin", + "valid_column": 4, + "custom": { + "key": 1, + "key_type": "integer" + } + }, + { + "table_id": 84, + "table_name": "T_VSYS_INFO", + "table_type": "plugin", + "valid_column": 3, + "custom": { + "key": 1, + "key_type": "integer" + } + }, + { + "table_id": 85, + "table_name": "TSG_FIELD_DTLS_SNI", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN" + }, + { + "table_id": 86, + "table_name": "TSG_FIELD_DTLS_SNI_CAT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_FQDN_CAT" + } +] diff --git a/ctest/CMakeLists.txt b/ctest/CMakeLists.txt index cc7d15b..8fbcced 100644 --- a/ctest/CMakeLists.txt +++ b/ctest/CMakeLists.txt @@ -7,15 +7,22 @@ add_test(NAME COPY_GTEST_MAIN_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/ add_test(NAME COPY_GTEST_MAAT_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/maat.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") add_test(NAME COPY_GTEST_LOG_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_log_field.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") add_test(NAME COPY_GTEST_PROTO_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_l7_protocol.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") -add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_static_tableinfo.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") +add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_static_tableinfo.json ${CMAKE_BINARY_DIR}/testing/tsgconf/") add_test(NAME COPY_GTEST_MAAT_RULE COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/gtest_maat.json ${CMAKE_BINARY_DIR}/testing/tsgconf/tsg_maat.json") +add_test(NAME COPY_GTEST_PROFILE_RESPONSE_PAGES COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/foreign_files ${CMAKE_BINARY_DIR}/testing/") -#add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/") +add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/") +add_test(NAME COPY_GTEST_BRIDGE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_bridge ${CMAKE_BINARY_DIR}/testing/") +add_test(NAME COPY_GTEST_ACTION_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_action ${CMAKE_BINARY_DIR}/testing/") +add_test(NAME COPY_GTEST_SENDLOG_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sendlog ${CMAKE_BINARY_DIR}/testing/") add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/") add_test(NAME COPY_GTEST_SYNC_SESSION_STATE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sync_session_state ${CMAKE_BINARY_DIR}/testing/") set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing) -#add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR}) +add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR}) +add_test(NAME GTEST_BRIDGE COMMAND gtest_bridge WORKING_DIRECTORY ${GTEST_RUN_DIR}) +add_test(NAME GTEST_ACTION COMMAND gtest_action WORKING_DIRECTORY ${GTEST_RUN_DIR}) +add_test(NAME GTEST_SENDLOG COMMAND gtest_sendlog WORKING_DIRECTORY ${GTEST_RUN_DIR}) add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR}) add_test(NAME GTEST_SYNC_SESSION_STATE COMMAND gtest_sync_session_state WORKING_DIRECTORY ${GTEST_RUN_DIR}) diff --git a/inc/app_label.h b/inc/app_label.h index 9aece37..d042ea3 100644 --- a/inc/app_label.h +++ b/inc/app_label.h @@ -1,5 +1,4 @@ -#ifndef __APP_LABEL_H__ -#define __APP_LABEL_H__ +#pragma once #define MAX_APP_ID_NUM 8 @@ -40,19 +39,19 @@ struct app_identify_result unsigned int surrogate_id[MAX_APP_ID_NUM]; }; -enum _ATTRIBUTE_TYPE +enum LUA_ATTRIBUTE_TYPE { - ATTRIBUTE_TYPE_UNKNOWN, - ATTRIBUTE_TYPE_IP, - ATTRIBUTE_TYPE_STRING, - ATTRIBUTE_TYPE_NUMERIC, - ATTRIBUTE_TYPE_BOOL, - _ATTRIBUTE_TYPE_MAX + LUA_ATTRIBUTE_TYPE_UNKNOWN, + LUA_ATTRIBUTE_TYPE_IP, + LUA_ATTRIBUTE_TYPE_STRING, + LUA_ATTRIBUTE_TYPE_NUMERIC, + LUA_ATTRIBUTE_TYPE_BOOL, + LUA_ATTRIBUTE_TYPE_MAX }; struct attribute_kv { - enum _ATTRIBUTE_TYPE type; + enum LUA_ATTRIBUTE_TYPE type; char *name; union { @@ -63,10 +62,9 @@ struct attribute_kv }; }; -struct user_defined_attribute_label +struct user_defined_attribute { - int attribute_num; - struct attribute_kv *attribute; + int n_akv; + struct attribute_kv *akv; }; -#endif diff --git a/inc/tsg_label.h b/inc/tsg_label.h index bcd401b..062c47b 100644 --- a/inc/tsg_label.h +++ b/inc/tsg_label.h @@ -1,5 +1,6 @@ -#ifndef __TSG_LABEL_H__ -#define __TSG_LABEL_H__ +#pragma once + +#include #define MAX_CATEGORY_ID_NUM 8 #define MAX_STR_FIELD_LEN 64 @@ -8,36 +9,35 @@ #define MAX_RESULT_NUM 8 -typedef enum _tsg_protocol +enum TSG_PROTOCOL { - PROTO_UNKONWN=0, - PROTO_IPv4=1, - PROTO_IPv6, - PROTO_TCP, - PROTO_UDP, - PROTO_HTTP, - PROTO_MAIL, - PROTO_DNS, - PROTO_FTP, - PROTO_SSL, - PROTO_SIP, - PROTO_BGP, - PROTO_STREAMING_MEDIA, - PROTO_QUIC, - PROTO_SSH, - PROTO_SMTP, - PROTO_IMAP, - PROTO_POP3, - PROTO_RTP, - PROTO_APP, - PROTO_L2TP, - PROTO_PPTP, - PROTO_STRATUM, - PROTO_RDP, - PROTO_DTLS, - PROTO_MAX -}tsg_protocol_t; - + PROTO_UNKONWN=0, + PROTO_IPv4=1, + PROTO_IPv6, + PROTO_TCP, + PROTO_UDP, + PROTO_HTTP, + PROTO_MAIL, + PROTO_DNS, + PROTO_FTP, + PROTO_SSL, + PROTO_SIP, + PROTO_BGP, + PROTO_STREAMING_MEDIA, + PROTO_QUIC, + PROTO_SSH, + PROTO_SMTP, + PROTO_IMAP, + PROTO_POP3, + PROTO_RTP, + PROTO_APP, + PROTO_L2TP, + PROTO_PPTP, + PROTO_STRATUM, + PROTO_RDP, + PROTO_DTLS, + PROTO_MAX +}; struct asn_info { @@ -86,29 +86,9 @@ struct tunnel_endpoint char *description; }; -struct session_attribute_label -{ - int http_action_file_size; - int fqdn_category_id_num; - tsg_protocol_t proto; - long establish_latency_ms; - struct asn_info *client_asn; - struct asn_info *server_asn; - struct location_info *client_location; - struct location_info *server_location; - struct subscribe_id_info *client_subscribe_id; - struct subscribe_id_info *server_subscribe_id; - char *ja3_fingerprint; - unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM]; - struct umts_user_info *user_info; - struct tunnel_endpoint *client_endpoint; - struct tunnel_endpoint *server_endpoint; - unsigned long session_flags; -}; - struct tsg_conn_sketch_notify_data { - tsg_protocol_t protocol; + enum TSG_PROTOCOL protocol; union { char *mail_eml_filename; @@ -117,12 +97,6 @@ struct tsg_conn_sketch_notify_data }pdata; }; -struct notify_shaping_policy -{ - int shaping_result_num; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]; -}; - enum NOTIFY_TYPE { NOTIFY_TYPE_MIRRORED=0, @@ -139,19 +113,19 @@ struct mirrored_vlan struct mirrored_stat { long bytes; - long packets; - int compile_id; + long packets; + long long compile_id; }; struct policy_capture_result { - int compile_id; + long long compile_id; char *packet_path; }; struct tsg_notify_data { - int compile_id; + long long compile_id; enum NOTIFY_TYPE type; union { @@ -181,7 +155,7 @@ struct http_s3_file struct business_notify_data { - tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) + enum TSG_PROTOCOL proto; //enum _tsg_protocol (tsg_types.h) union { struct http_s3_file *s3_http; @@ -189,4 +163,25 @@ struct business_notify_data }; }; -#endif +struct session_runtime_attribute; +const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream); +const char *srt_attribute_get_ja3_fingerprint(const struct session_runtime_attribute *srt_attribute); +const char *srt_attribute_get_client_subscriber_id(const struct session_runtime_attribute *srt_attribute); +const char *srt_attribute_get_server_subscriber_id(const struct session_runtime_attribute *srt_attribute); +const struct asn_info *srt_attribute_get_client_ip_asn(const struct session_runtime_attribute *srt_attribute); +const struct asn_info *srt_attribute_get_server_ip_asn(const struct session_runtime_attribute *srt_attribute); +const struct location_info *srt_attribute_get_client_ip_location(const struct session_runtime_attribute *srt_attribute); +const struct location_info *srt_attribute_get_server_ip_location(const struct session_runtime_attribute *srt_attribute); +size_t srt_attribute_get_category_ids(const struct session_runtime_attribute *srt_attribute, unsigned int *category_ids, size_t n_category_ids); + +int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned int *category_ids, int n_category_ids); + +struct session_runtime_process_context; +int session_runtime_process_context_async(const struct streaminfo *a_stream, void *data); +const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream); +// return NULL; http host or ssl sni or quic sni or dtls sni +const char *srt_process_context_get_domain(const struct session_runtime_process_context *srt_process_context); +const char *srt_process_context_get_http_url(const struct session_runtime_process_context *srt_process_context); +const char *srt_process_context_get_quic_ua(const struct session_runtime_process_context *srt_process_context); +enum TSG_PROTOCOL srt_process_context_get_protocol(const struct session_runtime_process_context *srt_process_context); + diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 44ae652..9a083d3 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -1,17 +1,7 @@ -#ifndef __TSG_RULE_H__ -#define __TSG_RULE_H__ - -#include +#pragma once #include "tsg_label.h" -#define TSG_DOMAIN_MAX 256 -#define MAX_APP_ID_PROPERTY_LEN 128 - -#ifndef MAX_DOMAIN_LEN -#define MAX_DOMAIN_LEN 2048 -#endif - #define TSG_ACTION_NONE 0x00 #define TSG_ACTION_MONITOR 0x01 #define TSG_ACTION_INTERCEPT 0x02 @@ -19,9 +9,21 @@ #define TSG_ACTION_SHAPING 0x20 #define TSG_ACTION_MANIPULATE 0x30 #define TSG_ACTION_S_CHAINING 0x40 -#define TSG_ACTION_BYPASS 0x80 +#define TSG_ACTION_BYPASS 0x60 +#define TSG_ACTION_SHUNT 0x80 #define TSG_ACTION_MAX 0x80 +enum TSG_SERVICE +{ + TSG_SERVICE_SECURITY=2, + TSG_SERVICE_INTERCEPT=3, + TSG_SERVICE_CHAINING=5, + TSG_SERVICE_SHAPING=6, + TSG_SERVICE_PRE_SIGNATURE=7, + TSG_SERVICE_SIGNATURE=8, + TSG_SERVICE_MAX +}; + enum TSG_METHOD_TYPE { TSG_METHOD_TYPE_UNKNOWN=0, @@ -33,69 +35,44 @@ enum TSG_METHOD_TYPE TSG_METHOD_TYPE_ALERT, TSG_METHOD_TYPE_RATE_LIMIT, TSG_METHOD_TYPE_MIRRORED, - TSG_METHOD_TYPE_TAMPER, - TSG_METHOD_TYPE_DEFAULT, - TSG_METHOD_TYPE_APP_DROP, - TSG_METHOD_TYPE_ALLOW, + TSG_METHOD_TYPE_TAMPER, + TSG_METHOD_TYPE_DEFAULT, + TSG_METHOD_TYPE_APP_DROP, + TSG_METHOD_TYPE_ALLOW, + TSG_METHOD_TYPE_SHUNT, TSG_METHOD_TYPE_MAX }; -struct identify_info -{ - tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) - int domain_len; - char domain[MAX_DOMAIN_LEN]; -}; - -typedef enum _PULL_RESULT_TYPE -{ - PULL_KNI_RESULT, - PULL_FW_RESULT, - PULL_ALL_RESULT -}PULL_RESULT_TYPE; - -extern Maat_feather_t g_tsg_maat_feather; - -int tsg_rule_init(const char *conffile, void *logger); - -int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); -int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info); -int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num); - -char *tsg_pull_quic_ua(struct streaminfo *a_stream); -char *tsg_pull_http_url(struct streaminfo *a_stream); - - -//return NULL if none exists, otherwise return one deny rule; -struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num); - enum ACTION_RETURN_TYPE { ACTION_RETURN_TYPE_PROT=0, ACTION_RETURN_TYPE_APP, ACTION_RETURN_TYPE_TCPALL }; -unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data); -int tsg_get_method_id(char *method); +extern struct maat *g_tsg_maat_feather; -int tsg_free_compile_user_region(const struct Maat_rule_t *rule, struct compile_user_region *user_region); -struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maat_feather, struct Maat_rule_t *result); +struct maat_rule +{ + long long rule_id; + unsigned char action; + unsigned char service_id; + unsigned char do_log; + unsigned char padding[5]; +}; +struct matched_policy_rules +{ + size_t n_rules; + struct maat_rule rules[MAX_RESULT_NUM]; +}; -////return -1 if none exists otherwise return >=0 -int tsg_get_column_integer_value(const char* line, int column_seq); +void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *rules, size_t n_rules, int thread_seq); +size_t tsg_matched_rules_select(struct maat *feather, TSG_SERVICE service, long long *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules); +size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *feather, enum TSG_PROTOCOL proto, struct maat_state *s_mid, struct maat_rule *rules, size_t n_rules); +size_t session_matched_rules_copy(const struct streaminfo *a_stream, enum TSG_SERVICE service, struct maat_rule *rules, size_t n_rules); -//return NULL if none exists, otherwise return value; -char *tsg_get_column_string_value(const char* line, int column_seq); +int tsg_get_fqdn_category_ids(struct maat *feather, char *fqdn, unsigned int *category_ids, int n_category_ids); -int tsg_set_fqdn_category_id(const struct streaminfo *a_stream, unsigned int *category_id, int category_id_num, int thread_seq); -int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq); -int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq); -int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq); -int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); -int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); -int tsg_notify_hited_security_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); -int tsg_notify_hited_s_chaining_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); +unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data); -#endif diff --git a/inc/tsg_send_log.h b/inc/tsg_send_log.h index e65d433..a38c08e 100644 --- a/inc/tsg_send_log.h +++ b/inc/tsg_send_log.h @@ -1,28 +1,13 @@ -#ifndef __TSG_SEND_LOG_H__ -#define __TSG_SEND_LOG_H__ - -#include - -#ifndef PRINTADDR -#define PRINTADDR(a, b) ((b)addr), a->threadnum) : "") -#endif +#pragma once enum DO_LOG { LOG_ABORT=0, - LOG_ALL=1, + LOG_ALL=1, LOG_NOFILE=2, }; - -typedef struct _tsg_log -{ - int result_num; - Maat_rule_t *result; - struct streaminfo *a_stream; -}tsg_log_t; - -typedef enum _tld_type +enum TLD_TYPE { TLD_TYPE_UNKNOWN=0, TLD_TYPE_LONG=1, @@ -32,7 +17,19 @@ typedef enum _tld_type TLD_TYPE_CJSON, // TLD_TYPE_CJSON is obsolete, please use TLD_TYPE_OBJECT TLD_TYPE_OBJECT, TLD_TYPE_MAX -}TLD_TYPE; +}; + +enum LOG_TYPE +{ + LOG_TYPE_SECURITY_EVENT=0, + LOG_TYPE_SESSION_RECORD, + LOG_TYPE_INTERNAL_RTP_RECORD, + LOG_TYPE_VOIP_RECORD, + LOG_TYPE_INTERIM_SESSION_RECORD, + LOG_TYPE_TRANSACTION_RECORD, + LOG_TYPE_GTPC_RECORD, + LOG_TYPE_BGP_RECORD +}; struct TLD_handle_t; struct tsg_log_instance_t; @@ -40,24 +37,20 @@ struct tsg_log_instance_t; extern struct tsg_log_instance_t *g_tsg_log_instance; struct TLD_handle_t *TLD_create(int thread_id); - int TLD_search(struct TLD_handle_t *handle, char *key); -int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type); -int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream); -int TLD_cancel(struct TLD_handle_t *handle); +int TLD_append(struct TLD_handle_t *handle, char *key, void *value, enum TLD_TYPE type); struct TLD_handle_t *TLD_duplicate(struct TLD_handle_t *handle); //type only TLD_TYPE_LONG/TLD_TYPE_STRING -int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, TLD_TYPE type); - - -int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id); +int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, enum TLD_TYPE type); +int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream); +int TLD_cancel(struct TLD_handle_t *handle); //return topic_id; return >=0 if success,otherwise return -1; -int tsg_register_topic(struct tsg_log_instance_t *instance, char *topic_name); +int tsg_register_topic(struct tsg_log_instance_t *instance, const char *topic_name); int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *payload, int payload_len, int thread_id); +int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream, enum LOG_TYPE log_type, struct maat_rule *rules, size_t n_rules, int thread_id); -unsigned long long tsg_get_stream_id(struct streaminfo *a_stream); -char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id); +unsigned long long tsg_get_stream_trace_id(const struct streaminfo *a_stream); +const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id); unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name); -#endif diff --git a/inc/tsg_statistic.h b/inc/tsg_statistic.h index be746a4..e13f3f8 100644 --- a/inc/tsg_statistic.h +++ b/inc/tsg_statistic.h @@ -20,8 +20,8 @@ struct _traffic_info long long out_packets; }; -int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq); -int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq); +int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq); +int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq); int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq); #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8860ac1..33f1a0b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,14 +2,13 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp -tsg_sync_state.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_protocol.cpp tsg_sync_state.cpp tsg_variable.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) include_directories(/usr/include/) -set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maatframe pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer) +set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer) set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index 59ac035..44e89f2 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp @@ -17,26 +17,27 @@ #include #include -#include "app_label.h" #include "tsg_rule.h" +#include "app_label.h" #include "tsg_entry.h" +#include "tsg_bridge.h" #include "tsg_statistic.h" #include "tsg_send_log.h" #include "tsg_protocol_common.h" +#include "tsg_rule_internal.h" extern "C" int sendpacket_do_checksum(unsigned char *buf, int protocol, int len); -static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate::TemplateDictionary *tpl_dict, int policy_id) +static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate::TemplateDictionary *tpl_dict, long long policy_id) { char ip_str[128]={0}; - struct session_attribute_label *attr_label=NULL; - tpl_dict->SetIntValue("tsg_policy_id", policy_id); + tpl_dict->SetIntValue("tsg_policy_id", policy_id); //TODO - attr_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); - if(attr_label!=NULL && attr_label->client_subscribe_id!=NULL) + const struct session_runtime_attribute *srt_attribute=(const struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute!=NULL && srt_attribute->client_subscribe_id!=NULL) { - tpl_dict->SetFormattedValue("tsg_subscriber_id", "%s", attr_label->client_subscribe_id->subscribe_id); + tpl_dict->SetFormattedValue("tsg_subscriber_id", "%s", srt_attribute->client_subscribe_id->subscribe_id); } else { @@ -46,11 +47,11 @@ static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate: switch(a_stream->addr.addrtype) { - case ADDR_TYPE_IPV4: + case ADDR_TYPE_IPV4: inet_ntop(AF_INET, (const void *)&(a_stream->addr.ipv4->saddr), ip_str, sizeof(ip_str)); tpl_dict->SetFormattedValue("tsg_client_ip", "%s", ip_str); break; - case ADDR_TYPE_IPV6: + case ADDR_TYPE_IPV6: inet_ntop(AF_INET6, (const void *)(a_stream->addr.ipv6->saddr), ip_str, sizeof(ip_str)); tpl_dict->SetFormattedValue("tsg_client_ip", "%s", ip_str); break; @@ -62,7 +63,7 @@ static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate: return 0; } -static int set_drop_stream(const struct streaminfo *a_stream, tsg_protocol_t protocol) +static int set_drop_stream(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol) { int ret=0, opt_value=1; MESA_set_stream_opt(a_stream, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value)); @@ -89,7 +90,7 @@ static int set_drop_stream(const struct streaminfo *a_stream, tsg_protocol_t pro break; } - return STATE_DROPME|STATE_DROPPKT; + return STATE_DROPME|STATE_DROPPKT; } static int get_http_header(char *buff, int len, int code, char *user_define) @@ -153,7 +154,7 @@ static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void return 0; } -static void template_generate(const struct streaminfo *a_stream, int status_code, int policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq) +static void template_generate(const struct streaminfo *a_stream, int status_code, long long policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq) { std::string page_output, msg_output; ctemplate::Template *tpl=NULL; @@ -223,16 +224,14 @@ static void template_generate(const struct streaminfo *a_stream, int status_code return ; } -static int get_response_pages(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, char **payload, int thread_seq) +static int get_response_pages(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, char **payload, int thread_seq) { - char key[16]={0}; int payload_len=0; - struct http_response_pages *res_pages=NULL; switch(user_region->deny->type) { case TSG_DENY_TYPE_MESSAGE: - template_generate(a_stream, user_region->deny->code, p_result->config_id, user_region->deny->message, payload, (size_t *)&payload_len, thread_seq); + template_generate(a_stream, user_region->deny->code, p_result->rule_id, user_region->deny->message, payload, (size_t *)&payload_len, thread_seq); return payload_len; break; case TSG_DENY_TYPE_PROFILE: @@ -241,25 +240,24 @@ static int get_response_pages(const struct streaminfo *a_stream, struct Maat_rul break; } - snprintf(key, sizeof(key), "%d", user_region->deny->profile_id); - res_pages=(struct http_response_pages *)Maat_plugin_get_EX_data(g_tsg_maat_feather,g_tsg_para.table_id[TABLE_RESPONSE_PAGES], key); - if(res_pages!=NULL) + struct http_response_pages *response_pages=(struct http_response_pages *)matched_rule_cites_http_response_pages(g_tsg_maat_feather, (long long)user_region->deny->profile_id); + if(response_pages!=NULL) { - switch(res_pages->format) + switch(response_pages->format) { case HTTP_RESPONSE_FORMAT_HTML: - *payload=(char *)dictator_malloc(thread_seq, res_pages->content_len); - memcpy(*payload, res_pages->content, res_pages->content_len); - payload_len=res_pages->content_len; + *payload=(char *)dictator_malloc(thread_seq, response_pages->content_len); + memcpy(*payload, response_pages->content, response_pages->content_len); + payload_len=response_pages->content_len; break; case HTTP_RESPONSE_FORMAT_TEMPLATE: - template_generate(a_stream, user_region->deny->code, p_result->config_id, res_pages->content, payload, (size_t *)&payload_len, thread_seq); + template_generate(a_stream, user_region->deny->code, p_result->rule_id, response_pages->content, payload, (size_t *)&payload_len, thread_seq); break; default: break; } - http_response_pages_free(g_tsg_para.table_id[TABLE_RESPONSE_PAGES], (MAAT_PLUGIN_EX_DATA *)&res_pages, 0, NULL); + plugin_ex_data_http_response_pages_free(response_pages); } return payload_len; @@ -439,7 +437,7 @@ static int http_send_reponse_packet(const struct streaminfo *a_stream, char *pac return ip_tcp_hdr_len+http_hdr_len+payload_len; } -static int http_build_response_packet(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet) +static int http_build_response_packet(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *a_packet) { char *payload=NULL; char message[1024*64]={0}; @@ -465,7 +463,7 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct http_hdr_len=get_http_header(message+ip_tcp_hdr_len, sizeof(message)-ip_tcp_hdr_len, user_region->deny->code, NULL); payload_len=get_response_pages(a_stream, p_result, user_region, &payload, a_stream->threadnum); - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, (void *)&payload_len, sizeof(int), a_stream->threadnum); + srt_attribute_set_reponse_size(a_stream, payload_len); get_tcp_mss_option(a_stream, TCP_OPT_MSS, (void *)&max_segment_size); @@ -499,7 +497,7 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct return send_pkt_len; } -static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, int code, char *http_hdr, int http_hdr_len) +static int http_get_redirect_url(const struct streaminfo *a_stream, struct maat_rule *p_result, char *url, int code, char *http_hdr, int http_hdr_len) { int used_len=0; char *tmp_buff=NULL; @@ -510,7 +508,7 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_ { ctemplate::TemplateDictionary dict_303("url_dict"); //dict is automatically finalized after function returned. - replace_policy_variable(a_stream, &dict_303, p_result->config_id); + replace_policy_variable(a_stream, &dict_303, p_result->rule_id); tpl_303->Expand(&output, &dict_303); @@ -532,7 +530,7 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_ return used_len; } -static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol) +static unsigned char do_action_reset(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol) { if(a_stream->type==STREAM_TYPE_TCP) { @@ -550,7 +548,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul RLOG_LV_FATAL, "RST_TCP", "Send RST failed policy_id: %d service: %d action: %d addr: %s", - p_result->config_id, + p_result->rule_id, p_result->service_id, (unsigned char)p_result->action, PRINTADDR(a_stream, g_tsg_para.level) @@ -569,14 +567,13 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul return STATE_DROPPKT|STATE_DROPME; } - -static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet) +static unsigned char do_action_drop(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *a_packet) { switch(protocol) { case PROTO_DNS: return STATE_GIVEME|STATE_DROPPKT; - default: + default: set_drop_stream(a_stream, protocol); break; } @@ -584,7 +581,7 @@ static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data, enum ACTION_RETURN_TYPE type) +static unsigned char do_action_tamper(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data, enum ACTION_RETURN_TYPE type) { if(g_tsg_para.feature_tamper==0) { @@ -592,36 +589,35 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru return STATE_DROPME|STATE_DROPPKT; } - struct tcpall_context * _context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(_context==NULL) - { - _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); - _context->method_type=TSG_METHOD_TYPE_TAMPER; - _context->tamper_count = 0; - } - else - { - _context->method_type = TSG_METHOD_TYPE_TAMPER; - _context->tamper_count = 0; - } + struct session_runtime_action_context * _context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + if(_context==NULL) + { + _context=(struct session_runtime_action_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_action_context)); + memset(_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_stream, (void *)_context); + _context->method_type=TSG_METHOD_TYPE_TAMPER; + _context->tamper_count = 0; + } + else + { + _context->method_type = TSG_METHOD_TYPE_TAMPER; + _context->tamper_count = 0; + } - //当前为tsg_master_plug暂时不处理在tsg_master_all_entry处理,防止命中发两次 - if(ACTION_RETURN_TYPE_APP == type) - { - return STATE_GIVEME|STATE_DROPPKT|STATE_KILL_OTHER; - } + if(ACTION_RETURN_TYPE_APP == type) + { + return STATE_GIVEME|STATE_DROPPKT|STATE_KILL_OTHER; + } - //TCP这里发送的话,tsg_master_all_entry仍会处理发送,UDP没有这个情况,所以加该判断 - if(a_stream->type == STREAM_TYPE_UDP) - { - send_tamper_xxx(a_stream, &_context->tamper_count, user_data); - } - return STATE_DROPME|STATE_DROPPKT; + if(a_stream->type == STREAM_TYPE_UDP) + { + send_tamper_xxx(a_stream, &_context->tamper_count, user_data); + } + + return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) +static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data) { struct deny_user_region *deny_region=NULL; @@ -651,7 +647,7 @@ static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Ma case TSG_DENY_TYPE_DROP: struct compile_user_region tmp_user_region; tmp_user_region.deny=deny_region; - tmp_user_region.capture.enabled=0; + tmp_user_region.capture.enabled=0; tmp_user_region.capture.depth=0; tmp_user_region.method_type=TSG_METHOD_TYPE_DROP; do_action_drop(a_stream, p_result, &tmp_user_region, protocol, user_data); @@ -663,11 +659,11 @@ static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Ma return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type) +static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type) { struct leaky_bucket *bucket=create_bucket(user_region->deny->bps, a_stream->threadnum); - int ret=set_bucket_to_tcpall(a_stream, bucket, a_stream->threadnum); + int ret=srt_action_context_set_leaky_bucket(a_stream, bucket, a_stream->threadnum); if(ret==0) { destroy_bucket(&bucket, a_stream->threadnum); @@ -687,7 +683,7 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat return STATE_GIVEME|STATE_KILL_OTHER; } -static unsigned char do_action_block_sip(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data) +static unsigned char do_action_block_sip(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data) { int offset=0; char payload[1024]={0}; @@ -714,7 +710,7 @@ static unsigned char do_action_block_sip(const struct streaminfo *a_stream, Maat return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region) +static unsigned char do_action_block_mail(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region) { char *payload=NULL; @@ -739,7 +735,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet) +static unsigned char do_action_block_http(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *a_packet) { int opt_value=0; int send_pkt_len=0; @@ -766,7 +762,7 @@ static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maa return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) +static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data) { if(user_region==NULL || user_region->deny==NULL) { @@ -796,7 +792,7 @@ static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region) +static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region) { int used_http_hdr_len=0; char http_hdr[1024]={0}; @@ -805,7 +801,7 @@ static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, switch(user_region->deny->code) { case 302: - case 303: + case 303: used_http_hdr_len=http_get_redirect_url(a_stream, p_result, user_region->deny->redirect_url_to, user_region->deny->code, http_hdr, sizeof(http_hdr)); break; default: @@ -819,16 +815,16 @@ static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) +static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data) { if(user_region==NULL || user_region->deny==NULL) { - return do_action_drop(a_stream, p_result, user_region, protocol, user_data); - } + return do_action_drop(a_stream, p_result, user_region, protocol, user_data); + } switch(protocol) { - case PROTO_DNS: + case PROTO_DNS: return do_action_redirect_dns(a_stream, p_result, user_region, user_data); break; case PROTO_HTTP: @@ -842,7 +838,7 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M return STATE_DROPME|STATE_DROPPKT; } -static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) +static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data) { unsigned char local_state=STATE_GIVEME; unsigned char state=0; @@ -868,9 +864,9 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc case TSG_METHOD_TYPE_RATE_LIMIT: local_state=do_action_ratelimit(a_stream, p_result, user_region, type); break; - case TSG_METHOD_TYPE_TAMPER: - local_state = do_action_tamper(a_stream, p_result, user_region, protocol, user_data, type); - break; + case TSG_METHOD_TYPE_TAMPER: + local_state = do_action_tamper(a_stream, p_result, user_region, protocol, user_data, type); + break; case TSG_METHOD_TYPE_DEFAULT: local_state=do_action_default_xxx(a_stream, p_result, user_region, protocol, user_data); break; @@ -883,19 +879,18 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc if(type!=ACTION_RETURN_TYPE_TCPALL && user_region->deny->after_n_packets>0) { - set_protocol_to_tcpall(a_stream, protocol, a_stream->threadnum); - set_method_to_tcpall(a_stream, user_region->method_type, a_stream->threadnum); + srt_action_context_set_l7_protocol(a_stream, protocol, a_stream->threadnum); + srt_action_context_set_rule_method(a_stream, user_region->method_type, a_stream->threadnum); if(a_stream->type==STREAM_TYPE_UDP && type!=ACTION_RETURN_TYPE_PROT) { - set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum); + srt_action_context_set_after_n_packet(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum); } else { - set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets, a_stream->threadnum); + srt_action_context_set_after_n_packet(a_stream, user_region->deny->after_n_packets, a_stream->threadnum); } - //tsg_set_policy_result(a_stream, PULL_FW_RESULT, p_result, protocol, a_stream->threadnum); local_state=((type==ACTION_RETURN_TYPE_PROT) ? (STATE_DROPME) : (STATE_DROPME|STATE_KILL_OTHER)); break; } @@ -920,11 +915,11 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc break; } - tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum); + session_packet_capture_notify(a_stream, p_result, 1, a_stream->threadnum); if(method_type!=TSG_METHOD_TYPE_DEFAULT && method_type!=TSG_METHOD_TYPE_APP_DROP) { - set_method_to_tcpall(a_stream, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum); + srt_action_context_set_rule_method(a_stream, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum); } state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME); @@ -937,26 +932,23 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc return state; } -unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data) +unsigned char tsg_enforing_deny_application(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data) { - unsigned char state=0; - char app_id_buff[32]={0}; - struct app_id_dict *dict=NULL; - struct compile_user_region app_user_region={0}, *user_region=NULL; - - snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id); - dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)app_id); if(dict==NULL) { set_drop_stream(a_stream, protocol); return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT); } + + unsigned char state=0; + struct compile_user_region app_user_region; - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - if(user_region!=NULL) + struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id); + if(maat_compile!=NULL && maat_compile->user_region!=NULL) { - app_user_region.capture=user_region->capture; - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + app_user_region.capture=maat_compile->user_region->capture; + plugin_ex_data_security_compile_free(maat_compile); } switch(dict->deny_app_para.type) @@ -974,29 +966,28 @@ unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_ } state=tsg_do_deny_action(a_stream, &app_user_region, p_result, protocol, type, user_data); - app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + plugin_ex_data_app_id_dict_free(dict); return state; } -unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) +unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data) { - unsigned char state=0; - struct compile_user_region *user_region=NULL; - if(p_result->action==TSG_ACTION_BYPASS) { return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPME : APP_STATE_GIVEME); } - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - if(user_region==NULL) + struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id); + if(maat_compile==NULL || maat_compile->user_region==NULL) { set_drop_stream(a_stream, protocol); return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT); } - if(user_region->method_type==TSG_METHOD_TYPE_APP_DROP) + unsigned char state=0; + + if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_APP_DROP) { unsigned int app_id=0; @@ -1008,14 +999,14 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_ { app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); } - state=tsg_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data); + state=tsg_enforing_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data); } else { - state=tsg_do_deny_action(a_stream, user_region, p_result, protocol, type, user_data); + state=tsg_do_deny_action(a_stream, maat_compile->user_region, p_result, protocol, type, user_data); } - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + plugin_ex_data_security_compile_free(maat_compile); return state; } diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp index e294321..f351dcf 100644 --- a/src/tsg_bridge.cpp +++ b/src/tsg_bridge.cpp @@ -7,41 +7,54 @@ #include "tsg_bridge.h" #include "tsg_variable.h" +#include "tsg_sync_state.h" +#include "tsg_rule_internal.h" -extern int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); +extern int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); extern int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); +extern int tm_get_ssl_ja3_fingerprint(const struct streaminfo *a_stream, char **ja3_fingerprint); -void free_context_label(const struct streaminfo *a_stream, int bridge_id, void *data) +struct bridge_info { - struct master_context *context=(struct master_context *)data; - if(context!=NULL) + int id; + char name[MAX_BRIDGE_NAME_LEN]; + stream_bridge_free_cb_t *free_cb; + stream_bridge_sync_cb_t *sync_cb; +}; + +struct bridge_info g_tm_bridge_para[BRIDGE_TYPE_MAX]; + +void session_runtime_process_context_free(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)data; + if(srt_process_context!=NULL) { - if(context->domain!=NULL) + if(srt_process_context->domain!=NULL) { - dictator_free(a_stream->threadnum, (void *)context->domain); - context->domain=NULL; + dictator_free(a_stream->threadnum, (void *)srt_process_context->domain); + srt_process_context->domain=NULL; } - if(context->quic_ua!=NULL) + if(srt_process_context->quic_ua!=NULL) { - dictator_free(a_stream->threadnum, (void *)context->quic_ua); - context->quic_ua=NULL; + dictator_free(a_stream->threadnum, (void *)srt_process_context->quic_ua); + srt_process_context->quic_ua=NULL; } - if(context->mid!=NULL) + if(srt_process_context->mid!=NULL) { - Maat_clean_status(&context->mid); - context->mid=NULL; + tsg_maat_state_free(srt_process_context->mid); + srt_process_context->mid=NULL; } - if(context->hited_result!=NULL) + if(srt_process_context->hited_result!=NULL) { - dictator_free(a_stream->threadnum, (void *)context->hited_result); - context->hited_result=NULL; + dictator_free(a_stream->threadnum, (void *)srt_process_context->hited_result); + srt_process_context->hited_result=NULL; } - dictator_free(a_stream->threadnum, (void *)context); - context=NULL; + dictator_free(a_stream->threadnum, (void *)srt_process_context); + srt_process_context=NULL; } data=NULL; @@ -49,17 +62,17 @@ void free_context_label(const struct streaminfo *a_stream, int bridge_id, void * return ; } -void free_tcpall_label(const struct streaminfo *a_stream, int bridge_id, void *data) +void session_runtime_action_context_free(const struct streaminfo *a_stream, int bridge_id, void *data) { if(data!=NULL) { - struct tcpall_context *context=(struct tcpall_context *)data; - if(context->para!=NULL) + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)data; + if(srt_action_context->para!=NULL) { - switch(context->method_type) + switch(srt_action_context->method_type) { case TSG_METHOD_TYPE_RATE_LIMIT: - destroy_bucket(&(context->bucket), a_stream->threadnum); + destroy_bucket(&(srt_action_context->bucket), a_stream->threadnum); break; default: break; @@ -73,49 +86,65 @@ void free_tcpall_label(const struct streaminfo *a_stream, int bridge_id, void *d return ; } -void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data) +void session_matched_rules_free_by_bridge(const struct streaminfo *a_stream, int bridge_id, void *data) { if(data!=NULL) { - dictator_free(stream->threadnum, data); + dictator_free(a_stream->threadnum, data); data=NULL; } } -void free_s_chaining_result(const struct streaminfo *stream, int bridge_id, void *data) +void session_segment_id_free(const struct streaminfo *a_stream, int bridge_id, void *data) { if(data!=NULL) { - dictator_free(stream->threadnum, data); + dictator_free(a_stream->threadnum, data); data=NULL; } } -void free_policy_label(const struct streaminfo *a_stream, int bridge_id, void *data) +void session_gather_app_results_free(const struct streaminfo *a_stream, int bridge_id, void *data) { if(data!=NULL) - { - struct policy_priority_label *priority_label=(struct policy_priority_label *)data; - if(priority_label->para!=NULL) + { + dictator_free(a_stream->threadnum, data); + data=NULL; + } +} + +void session_runtime_attribute_free(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)data; + + if(srt_attribute!=NULL) + { + plugin_ex_data_asn_number_free(srt_attribute->client_asn); + plugin_ex_data_asn_number_free(srt_attribute->server_asn); + + plugin_ex_data_location_free(srt_attribute->client_location); + plugin_ex_data_location_free(srt_attribute->server_location); + + plugin_ex_data_subscriber_id_free(srt_attribute->client_subscribe_id); + plugin_ex_data_subscriber_id_free(srt_attribute->server_subscribe_id); + + plugin_ex_data_gtp_c_free(srt_attribute->user_info); + + plugin_ex_data_tunnel_endpoint_free(srt_attribute->client_endpoint); + plugin_ex_data_tunnel_endpoint_free(srt_attribute->server_endpoint); + + if(srt_attribute->ja3_fingerprint!=NULL) { - dictator_free(a_stream->threadnum, priority_label->para); - priority_label->para=NULL; + dictator_free(a_stream->threadnum, (void *)srt_attribute->ja3_fingerprint); + srt_attribute->ja3_fingerprint=NULL; } + dictator_free(a_stream->threadnum, data); data=NULL; } } -void free_gather_app_result(const struct streaminfo *a_stream, int bridge_id, void *data) -{ - if(data!=NULL) - { - dictator_free(a_stream->threadnum, data); - data=NULL; - } -} - -int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data) +int session_async_bridge_set_data(const struct streaminfo *a_stream, int bridge_id, void *data) { if(a_stream==NULL || bridge_id<0) { @@ -132,7 +161,7 @@ int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void return 1; } -void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id) +void *session_async_bridge_get_data(const struct streaminfo *a_stream, int bridge_id) { if(a_stream!=NULL && bridge_id>=0) { @@ -142,60 +171,800 @@ void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id) return NULL; } -int tsg_init_bridge(const char *conffile) +const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream) { - MESA_load_profile_string_def(conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE"); - g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].sync_cb=app_identify_result_cb; + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id); + if(srt_attribute==NULL) + { + srt_attribute=(struct session_runtime_attribute *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_attribute)); + memset(srt_attribute, 0, sizeof(struct session_runtime_attribute)); - MESA_load_profile_string_def(conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); - MESA_load_profile_string_def(conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); + int ret=session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id, (void *)srt_attribute); + if(ret<0) + { + session_runtime_attribute_free(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id, (void *)srt_attribute); + srt_attribute=NULL; + return NULL; + } + } - MESA_load_profile_string_def(conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].name, MAX_BRIDGE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA"); - g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].sync_cb=session_flags_identify_result_cb; + return (const struct session_runtime_attribute *)srt_attribute; +} - MESA_load_profile_string_def(conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].name, MAX_BRIDGE_NAME_LEN, "NOTIFY_SHAPING_RESULT"); - g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].free_cb=free_shaping_result; +int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream) +{ + unsigned long long create_time=0; + unsigned long long current_time=0; + int size=sizeof(create_time); - MESA_load_profile_string_def(conffile, "SYSTEM", "DATA_CONTEXT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_DATA_CONTEXT"); - g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].free_cb=free_context_label; + int ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size); + if(ret<0) + { + return 0; + } + + size=sizeof(current_time); + ret=sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, (void *)¤t_time, &size); + if(ret<0) + { + return 0; + } + + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->establish_latency_ms=current_time-create_time; + return 1; + } + + return 0; +} - MESA_load_profile_string_def(conffile, "SYSTEM", "ALL_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_ALL_CONTEXT"); - g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].free_cb=free_tcpall_label; +int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL protocol) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->proto=protocol; + return 1; + } + + return 0; +} - MESA_load_profile_string_def(conffile, "SYSTEM", "GATHER_APP_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].name, MAX_BRIDGE_NAME_LEN, "GATHER_APP_IDENTIFY_RESULT"); - g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].free_cb=free_gather_app_result; +int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->http_action_file_size=http_action_file_size; + return 1; + } + + return 0; +} - MESA_load_profile_string_def(conffile, "SYSTEM", "POLICY_PRIORITY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].name, MAX_BRIDGE_NAME_LEN, "TSG_POLICY_PRIORITY"); - g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].free_cb=free_policy_label; +int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->ja3_fingerprint=ja3_fingerprint; + return 1; + } + + return 0; +} - MESA_load_profile_string_def(conffile, "SYSTEM", "S_CHAINING_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].name, MAX_BRIDGE_NAME_LEN, "SERVICE_CHAINING_RESULT"); - g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].free_cb=free_s_chaining_result; +int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info *user_info) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->user_info=user_info; + return 1; + } + + return 0; +} + +int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct subscribe_id_info *c_subscribe_id, struct subscribe_id_info *s_subscribe_id) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->client_subscribe_id=c_subscribe_id; + srt_attribute->server_subscribe_id=s_subscribe_id; + return 1; + } + + return 0; +} + +int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info *c_asn, struct asn_info *s_asn) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->client_asn=c_asn; + srt_attribute->server_asn=s_asn; + return 1; + } + + return 0; +} + +int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct location_info *c_location, struct location_info *s_location) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->client_location=c_location; + srt_attribute->server_location=s_location; + return 1; + } + + return 0; +} + +int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned int *category_ids, int n_category_ids) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + if(n_category_ids<=0 || n_category_ids>MAX_CATEGORY_ID_NUM) + { + return 0; + } + memcpy(srt_attribute->fqdn_category_ids, category_ids, sizeof(unsigned int)*n_category_ids); + srt_attribute->n_fqdn_category_ids=n_category_ids; + + return 1; + } + + return 0; +} + +int srt_attribute_set_flags(const struct streaminfo *a_stream, unsigned long s_flags) +{ + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute) + { + srt_attribute->session_flags=s_flags; + return 1; + } + + return 0; +} + +const char *srt_attribute_get_ja3_fingerprint(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const char *)(srt_attribute->ja3_fingerprint); + } + + return NULL; +} +const char *srt_attribute_get_client_subscriber_id(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const char *)(srt_attribute->client_subscribe_id); + } + + return NULL; +} +const char *srt_attribute_get_server_subscriber_id(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const char *)(srt_attribute->server_subscribe_id); + } + + return NULL; +} + +const struct asn_info *srt_attribute_get_client_ip_asn(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const struct asn_info *)(srt_attribute->client_asn); + } + + return NULL; +} + +const struct asn_info *srt_attribute_get_server_ip_asn(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const struct asn_info *)(srt_attribute->server_asn); + } + + return NULL; +} + +const struct location_info *srt_attribute_get_client_ip_location(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const struct location_info *)(srt_attribute->client_location); + } + + return NULL; +} + +const struct location_info *srt_attribute_get_server_ip_location(const struct session_runtime_attribute *srt_attribute) +{ + if(srt_attribute) + { + return (const struct location_info *)(srt_attribute->server_location); + } + + return NULL; +} + +size_t srt_attribute_get_category_ids(const struct session_runtime_attribute *srt_attribute, unsigned int *category_ids, size_t n_category_ids) +{ + if(srt_attribute==NULL || srt_attribute->n_fqdn_category_ids==0 || category_ids==NULL || n_category_ids==0) + { + return 0; + } + + size_t n_real_category_ids=MIN(n_category_ids, srt_attribute->n_fqdn_category_ids); + memcpy(category_ids, srt_attribute->fqdn_category_ids, n_real_category_ids*sizeof(unsigned int)); + + return n_real_category_ids; +} + +int session_runtime_process_context_async(const struct streaminfo *a_stream, void *data) +{ + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id, data); +} + +const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream) +{ + struct session_runtime_process_context *srt_attribute=(struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id); + if(srt_attribute==NULL) + { + srt_attribute=(struct session_runtime_process_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_process_context)); + memset(srt_attribute, 0, sizeof(struct session_runtime_process_context)); + + int ret=session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id, (void *)srt_attribute); + if(ret<0) + { + session_runtime_attribute_free(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id, (void *)srt_attribute); + srt_attribute=NULL; + return NULL; + } + } + + return (const struct session_runtime_process_context *)srt_attribute; +} + +enum TSG_PROTOCOL srt_process_context_get_protocol(const struct session_runtime_process_context *srt_process_context) +{ + if(srt_process_context!=NULL) + { + return srt_process_context->proto; + } + + return PROTO_UNKONWN; +} + +const char *srt_process_context_get_domain(const struct session_runtime_process_context *srt_process_context) +{ + if(srt_process_context!=NULL) + { + return (const char *)(srt_process_context->domain); + } + + return NULL; +} + +const char *srt_process_context_get_http_url(const struct session_runtime_process_context *srt_process_context) +{ + if(srt_process_context!=NULL && srt_process_context->proto==PROTO_HTTP) + { + return (const char *)(srt_process_context->http_url); + } + + return NULL; +} + +const char *srt_process_context_get_quic_ua(const struct session_runtime_process_context *srt_process_context) +{ + if(srt_process_context!=NULL && srt_process_context->proto==PROTO_QUIC) + { + return (const char *)(srt_process_context->quic_ua); + } + + return NULL; +} + +int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data) +{ + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, data); +} + +const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream) +{ + return (const struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id); +} + +int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int after_n_packets, int thread_seq) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + if(srt_action_context==NULL) + { + srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(srt_action_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_stream, (void *)srt_action_context); + } + + srt_action_context->hited_para.after_n_packets=after_n_packets; + + return 1; +} + +int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int hited_app_id, int thread_seq) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + if(srt_action_context==NULL) + { + srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(srt_action_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_stream, (void *)srt_action_context); + } + + srt_action_context->hited_para.hited_app_id=hited_app_id; + + return 1; +} + +int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol, int thread_seq) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + if(srt_action_context==NULL) + { + srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(srt_action_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_stream, (void *)srt_action_context); + } + + srt_action_context->protocol=protocol; + + return 1; +} + +int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + if(srt_action_context==NULL) + { + srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(srt_action_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_stream, (void *)srt_action_context); + } + + if(method_type==TSG_METHOD_TYPE_SHUNT) + { + if(srt_action_context->method_type==TSG_METHOD_TYPE_RATE_LIMIT) + { + destroy_bucket(&(srt_action_context->bucket), thread_seq); + srt_action_context->bucket=NULL; + } + srt_action_context->method_type=method_type; + } + + switch(srt_action_context->method_type) + { + case TSG_METHOD_TYPE_UNKNOWN: + case TSG_METHOD_TYPE_DEFAULT: + case TSG_METHOD_TYPE_MIRRORED: + srt_action_context->method_type=method_type; + break; + default: + return 0; + break; + } + + return 1; +} + +int srt_action_context_set_leaky_bucket(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + if(srt_action_context==NULL) + { + srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(srt_action_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_stream, (void *)srt_action_context); + } + + switch(srt_action_context->method_type) + { + case TSG_METHOD_TYPE_RATE_LIMIT: + return 1; + break; + case TSG_METHOD_TYPE_DEFAULT: + case TSG_METHOD_TYPE_UNKNOWN: + break; + default: + return 0; + break; + } + + srt_action_context->method_type=TSG_METHOD_TYPE_RATE_LIMIT; + srt_action_context->bucket=bucket; + + return 1; +} + +char srt_action_context_get_direction(const struct streaminfo *a_stream) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id); + if(srt_action_context!=NULL) + { + return srt_action_context->direction; + } + + return -1; +} + + +int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_rule *rules, struct mirrored_vlan *vlan) +{ + struct tsg_notify_data notify_data={0}; + + notify_data.compile_id=rules->rule_id; + notify_data.type=NOTIFY_TYPE_MIRRORED; + notify_data.vlan=vlan; + stream_bridge_sync_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); + + return 1; +} + +int session_capture_packets_sync(const struct streaminfo *a_stream, struct maat_rule *result, int depth) +{ + struct tsg_notify_data notify_data={0}; + + notify_data.compile_id=result->rule_id; + notify_data.type=NOTIFY_TYPE_CAPTURE; + notify_data.capture_depth=depth; + stream_bridge_sync_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); + + return 1; +} + +size_t session_matched_rules_copy(const struct streaminfo *a_stream, enum TSG_SERVICE service, struct maat_rule *rules, size_t n_rules) +{ + if(rules==NULL || n_rules==0) + { + return 0; + } + + struct matched_policy_rules *matched_policy=NULL; + switch(service) + { + case TSG_SERVICE_SECURITY: + matched_policy=(struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].id); + break; + case TSG_SERVICE_CHAINING: + matched_policy=(struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].id); + break; + case TSG_SERVICE_SHAPING: + matched_policy=(struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].id); + break; + case TSG_SERVICE_INTERCEPT: + matched_policy=(struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_INTERCEPT_RESULT].id); + break; + default: + break; + } + + if(matched_policy!=NULL) + { + size_t num=MIN(matched_policy->n_rules, n_rules); + memcpy(rules, matched_policy->rules, num*sizeof(struct maat_rule)); + return num; + } + + return 0; +} + +const struct matched_policy_rules *session_matched_rules_get(const struct streaminfo *a_stream, enum TSG_SERVICE service) +{ + switch(service) + { + case TSG_SERVICE_SECURITY: + return (struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].id); + case TSG_SERVICE_CHAINING: + return (struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].id); + case TSG_SERVICE_SHAPING: + return (struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].id); + case TSG_SERVICE_INTERCEPT: + return (struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_INTERCEPT_RESULT].id); + default: + break; + } + + return NULL; +} + +int session_matched_rules_sync(const struct streaminfo *a_stream, TSG_SERVICE service, void *data) +{ + switch(service) + { + case TSG_SERVICE_SECURITY: + break; + case TSG_SERVICE_CHAINING: + return stream_bridge_sync_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].id, data); + case TSG_SERVICE_SHAPING: + return stream_bridge_sync_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].id, data); + case TSG_SERVICE_INTERCEPT: + return stream_bridge_sync_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].id, data); + case TSG_SERVICE_SIGNATURE: + return stream_bridge_sync_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_SIGNATURE_RESULT].id, data); + default: + break; + } + + return 0; +} + +int session_matched_rules_async(const struct streaminfo *a_stream, TSG_SERVICE service, void *data) +{ + switch(service) + { + case TSG_SERVICE_SECURITY: + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].id, data); + break; + case TSG_SERVICE_CHAINING: + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].id, data); + break; + case TSG_SERVICE_SHAPING: + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].id, data); + break; + case TSG_SERVICE_INTERCEPT: + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_INTERCEPT_RESULT].id, data); + case TSG_SERVICE_SIGNATURE: + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_SIGNATURE_RESULT].id, data); + default: + break; + } + + return 0; +} + +void session_matched_rules_free(const struct streaminfo *a_stream, TSG_SERVICE service, void *data) +{ + switch(service) + { + case TSG_SERVICE_SECURITY: + session_matched_rules_free_by_bridge(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].id, data); + break; + case TSG_SERVICE_CHAINING: + session_matched_rules_free_by_bridge(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].id, data); + break; + case TSG_SERVICE_SHAPING: + session_matched_rules_free_by_bridge(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].id, data); + break; + case TSG_SERVICE_INTERCEPT: + session_matched_rules_free_by_bridge(a_stream, g_tm_bridge_para[BRIDGE_TYPE_INTERCEPT_RESULT].id, data); + break; + case TSG_SERVICE_SIGNATURE: + session_matched_rules_free_by_bridge(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_SIGNATURE_RESULT].id, data); + default: + break; + } +} + +void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *rules, size_t n_rules, int thread_seq) +{ + if(rules==NULL || n_rules==0) + { + return ; + } + + enum BRIDGE_TYPE bridge_idx; + switch(service) + { + case TSG_SERVICE_SECURITY: + bridge_idx=BRIDGE_TYPE_SECURITY_RESULT; + break; + case TSG_SERVICE_INTERCEPT: + bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT; + break; + default: + return ; + } + + struct matched_policy_rules *matched_policy=(struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[bridge_idx].id); + if(matched_policy==NULL) + { + matched_policy=(struct matched_policy_rules *)dictator_malloc(thread_seq, sizeof(struct matched_policy_rules)); + memset(matched_policy, 0, sizeof(struct matched_policy_rules)); + + int ret=session_async_bridge_set_data(a_stream, g_tm_bridge_para[bridge_idx].id, (void *)matched_policy); + if(ret<0) + { + session_matched_rules_free_by_bridge(a_stream, g_tm_bridge_para[bridge_idx].id, (void *)matched_policy); + } + } + + if(rules[0].actionrules[0].action) + { + return ; + } + + if(rules[0].action>matched_policy->rules[0].action) + { + matched_policy->n_rules=0; + } + + size_t num=MIN(MAX_RESULT_NUM-matched_policy->n_rules, n_rules); + for(size_t i=0; in_rules; j++) + { + if(rules[i].rule_id==matched_policy->rules[j].rule_id) + { + repeat_result=1; + break; + } + } + + if(repeat_result==0) + { + memcpy(&(matched_policy->rules[matched_policy->n_rules++]), &(rules[i]), sizeof(struct maat_rule)); + } + } + + return ; +} + +void *session_mac_linkinfo_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_MAC_LINKINFO].id); +} + +void *session_nat_c2s_linkinfo_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_NAT_C2S_LINKINFO].id); +} + +void *session_nat_s2c_linkinfo_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_NAT_S2C_LINKINFO].id); +} + +void *session_gather_app_results_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_GATHER_APP_RESULT].id); +} + +int session_gather_app_results_async(const struct streaminfo *a_stream, void *data) +{ + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_GATHER_APP_RESULT].id, data); +} + +int session_control_segment_ids_async(const struct streaminfo *a_stream, void *data) +{ + return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].id, data); +} + +void *session_control_segment_ids_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].id); +} + +void *session_conn_sketch_notify_data_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id); +} + +void *session_business_data_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_BUSINESS_S3_FILENAME].id); +} + +void *session_session_flags_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_ASYNC_SESSION_FLAGS].id); +} + +void *session_application_behavior_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_BEHAVIOR_RESULT].id); +} + +void *session_mirrored_and_capture_packets_exec_result_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT].id); +} + +void *session_lua_user_defined_attribute_get(const struct streaminfo *a_stream) +{ + return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_LUA_RESULT].id); +} + +int tsg_bridge_init(const char *conffile) +{ + MESA_load_profile_string_def(conffile, "BRIDGE", "APP_IDENTIFY_RESULT_BRIDGE", g_tm_bridge_para[BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE"); + g_tm_bridge_para[BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT].sync_cb=session_app_identify_result_cb; + + MESA_load_profile_string_def(conffile, "BRIDGE", "SKETCH_NOTIFY_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); + MESA_load_profile_string_def(conffile, "BRIDGE", "MASTER_NOTIFY_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); + + MESA_load_profile_string_def(conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SYNC_SESSION_FLAGS].name, MAX_BRIDGE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA"); + g_tm_bridge_para[BRIDGE_TYPE_SYNC_SESSION_FLAGS].sync_cb=session_flags_identify_result_cb; + + MESA_load_profile_string_def(conffile, "BRIDGE", "SHAPING_RESULT_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].name, MAX_BRIDGE_NAME_LEN, "NOTIFY_SHAPING_RESULT"); + g_tm_bridge_para[BRIDGE_TYPE_SHAPING_RESULT].free_cb=session_matched_rules_free_by_bridge; + + MESA_load_profile_string_def(conffile, "BRIDGE", "DATA_CONTEXT_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_DATA_CONTEXT"); + g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].free_cb=session_runtime_process_context_free; + + MESA_load_profile_string_def(conffile, "BRIDGE", "ALL_RESULT_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_ALL_CONTEXT"); + g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].free_cb=session_runtime_action_context_free; + + MESA_load_profile_string_def(conffile, "BRIDGE", "GATHER_APP_RESULT_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_GATHER_APP_RESULT].name, MAX_BRIDGE_NAME_LEN, "GATHER_APP_IDENTIFY_RESULT"); + g_tm_bridge_para[BRIDGE_TYPE_GATHER_APP_RESULT].free_cb=session_gather_app_results_free; + + MESA_load_profile_string_def(conffile, "BRIDGE", "SECURITY_RESULT_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].name, MAX_BRIDGE_NAME_LEN, "TSG_POLICY_PRIORITY"); + g_tm_bridge_para[BRIDGE_TYPE_SECURITY_RESULT].free_cb=session_matched_rules_free_by_bridge; + + MESA_load_profile_string_def(conffile, "BRIDGE", "SESSION_ATTRIBUTE_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].name, MAX_BRIDGE_NAME_LEN, "TSG_SESSION_ATTRIBUTE"); + g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].free_cb=session_runtime_attribute_free; + + MESA_load_profile_string_def(conffile, "BRIDGE", "LINKINFO_FROM_MAC", g_tm_bridge_para[BRIDGE_TYPE_MAC_LINKINFO].name, MAX_BRIDGE_NAME_LEN, "mirror_linkinfo_from_mac"); + MESA_load_profile_string_def(conffile, "BRIDGE", "NAT_C2S_LINKINFO", g_tm_bridge_para[BRIDGE_TYPE_NAT_C2S_LINKINFO].name, MAX_BRIDGE_NAME_LEN, "common_link_info_c2s"); + MESA_load_profile_string_def(conffile, "BRIDGE", "NAT_S2C_LINKINFO", g_tm_bridge_para[BRIDGE_TYPE_NAT_S2C_LINKINFO].name, MAX_BRIDGE_NAME_LEN, "common_link_info_s2c"); + MESA_load_profile_string_def(conffile, "BRIDGE", "APP_LUA_SCRIPTS_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_APP_LUA_RESULT].name, MAX_BRIDGE_NAME_LEN, "LUA_USER_DEFINED_ATTRIBUTE"); + MESA_load_profile_string_def(conffile, "BRIDGE", "BUSINESS_S3_FILENAME", g_tm_bridge_para[BRIDGE_TYPE_BUSINESS_S3_FILENAME].name, MAX_BRIDGE_NAME_LEN, "TSG_BUSINESS_S3_FILENAME"); + MESA_load_profile_string_def(conffile, "BRIDGE", "APP_BEHAVIOR_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_APP_BEHAVIOR_RESULT].name, MAX_BRIDGE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR"); + MESA_load_profile_string_def(conffile, "BRIDGE", "POLICY_ACTION_PARA_EXEC_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT].name, MAX_BRIDGE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT"); + MESA_load_profile_string_def(conffile, "BRIDGE", "NOTIFY_ASYNC_FLAGS_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_ASYNC_SESSION_FLAGS].name, MAX_BRIDGE_NAME_LEN, "SESSION_FLAGS_ASYNC_NOTIFY_DATA"); + + MESA_load_profile_string_def(conffile, "BRIDGE", "SYNC_APP_SIGNATURE_ID_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_APP_SIGNATURE_RESULT].name, MAX_BRIDGE_NAME_LEN, "TSG_SYNC_APP_SIGNATURE_ID"); + + MESA_load_profile_string_def(conffile, "BRIDGE", "S_CHAINING_RESULT_BRIDGE_NAME",g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].name, MAX_BRIDGE_NAME_LEN, "SERVICE_CHAINING_RESULT"); + g_tm_bridge_para[BRIDGE_TYPE_SERVICE_CHAINING_RESULT].free_cb=session_matched_rules_free_by_bridge; + + MESA_load_profile_string_def(conffile, "BRIDGE", "INTERCEPT_RESULT_BRIDGE_NAME",g_tm_bridge_para[BRIDGE_TYPE_INTERCEPT_RESULT].name, MAX_BRIDGE_NAME_LEN, "INTERCEPT_RESULT"); + g_tm_bridge_para[BRIDGE_TYPE_INTERCEPT_RESULT].free_cb=session_matched_rules_free_by_bridge; + + MESA_load_profile_string_def(conffile, "BRIDGE", "SEGMENT_IDS_BRIDGE_NAME",g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].name, MAX_BRIDGE_NAME_LEN, "SEGMENT_IDS"); + g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].free_cb=session_segment_id_free; for(int i=0; i -#include -#include "tsg_rule.h" #include "app_label.h" +#include "tsg_label.h" +#include "tsg_rule.h" #include "tsg_leaky_bucket.h" #ifndef MAX_BRIDGE_NAME_LEN @@ -15,24 +15,29 @@ enum BRIDGE_TYPE { BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0, BRIDGE_TYPE_RECV_CONN_SKETCH_DATA, - BRIDGE_TYPE_APP_IDENTIFY_RESULT, - BRIDGE_TYPE_NOTIFY_FLAGS, - BRIDGE_TYPE_NOTIFY_SHAPING_RESULT, //sync and async - BRIDGE_TYPE_DATA_CONTEXT, //async - BRIDGE_TYPE_ALL_CONTEXT, //async + BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT, + BRIDGE_TYPE_SYNC_SESSION_FLAGS, + BRIDGE_TYPE_SHAPING_RESULT, //sync and async + BRIDGE_TYPE_SESSION_PROCESS_CONTEXT, //async + BRIDGE_TYPE_SESSION_ACTION_CONTEXT, //async BRIDGE_TYPE_GATHER_APP_RESULT, //async - BRIDGE_TYPE_POLICY_PRIORITY, //async - BRIDGE_TYPE_SERVICE_CHAINING, //async + BRIDGE_TYPE_SERVICE_CHAINING_RESULT, //async + BRIDGE_TYPE_SECURITY_RESULT, //async + BRIDGE_TYPE_SESSION_ATTRIBUTE, //async + BRIDGE_TYPE_MAC_LINKINFO, //async + BRIDGE_TYPE_NAT_C2S_LINKINFO, + BRIDGE_TYPE_NAT_S2C_LINKINFO, + BRIDGE_TYPE_APP_LUA_RESULT, + BRIDGE_TYPE_BUSINESS_S3_FILENAME, + BRIDGE_TYPE_APP_BEHAVIOR_RESULT, + BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT, + BRIDGE_TYPE_ASYNC_SESSION_FLAGS, + BRIDGE_TYPE_APP_SIGNATURE_RESULT, + BRIDGE_TYPE_INTERCEPT_RESULT, //sync and async + BRIDGE_TYPE_SEGMENT_IDS, //async service_chaining or shping SID BRIDGE_TYPE_MAX }; -struct tm_hited_result -{ - int sid; - int result_num; - struct Maat_rule_t result[MAX_RESULT_NUM]; -}; - struct app_attributes { unsigned int app_id; @@ -47,29 +52,13 @@ struct gather_app_result struct app_attributes attributes[MAX_APP_ID_NUM]; }; -struct policy_priority_label -{ - tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) - int domain_len; - int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h) - int security_result_num; - union - { - char *http_url; - char *quic_ua; - void *para; - }; - char domain[MAX_DOMAIN_LEN]; - struct Maat_rule_t security_result[MAX_RESULT_NUM]; -}; - struct hited_app_para { int hited_app_id; int after_n_packets; }; -struct master_context +struct session_runtime_process_context { unsigned char is_esni; unsigned char is_hited_allow; @@ -77,63 +66,120 @@ struct master_context unsigned char is_app_link; unsigned char sync_cb_state; unsigned short timeout; - tsg_protocol_t proto; + enum TSG_PROTOCOL proto; int hited_app_id; // only app unsigned int quic_version; unsigned long session_flag; - char *domain; + union + { + char *ssl_sni; + char *quic_sni; + char *dtls_sni; + char *http_host; + char *domain; + }; union { char *http_url; char *quic_ua; void *para; }; - scan_status_t mid; + struct maat_state *mid; struct hited_app_para hited_para; // l7 protocol and app long long last_scan_time; - struct Maat_rule_t *hited_result; + struct maat_rule *hited_result; }; -struct tcpall_context +struct session_runtime_action_context { char udp_data_dropme; char set_latency_flag; char direction; char padding[5]; enum TSG_METHOD_TYPE method_type; - tsg_protocol_t protocol; + enum TSG_PROTOCOL protocol; union { struct leaky_bucket *bucket; - long tamper_count; + long tamper_count; int default_policy_after_n_packets; struct hited_app_para hited_para; void *para; }; }; -struct udp_context +struct udp_session_runtime_context { - struct master_context *data_entry; - struct tcpall_context *all_entry; + struct session_runtime_process_context *srt_process_context; + struct session_runtime_action_context *srt_action_context; }; -struct bridge_info +struct session_runtime_attribute { - int id; - char name[MAX_BRIDGE_NAME_LEN]; - stream_bridge_free_cb_t *free_cb; - stream_bridge_sync_cb_t *sync_cb; + int http_action_file_size; + size_t n_fqdn_category_ids; + enum TSG_PROTOCOL proto; + long establish_latency_ms; + struct asn_info *client_asn; + struct asn_info *server_asn; + struct location_info *client_location; + struct location_info *server_location; + struct subscribe_id_info *client_subscribe_id; + struct subscribe_id_info *server_subscribe_id; + const char *ja3_fingerprint; + unsigned int fqdn_category_ids[MAX_CATEGORY_ID_NUM]; + struct umts_user_info *user_info; + struct tunnel_endpoint *client_endpoint; + struct tunnel_endpoint *server_endpoint; + unsigned long session_flags; }; -int tsg_init_bridge(const char *conffile); -void free_context_label(const struct streaminfo *stream, int bridge_id, void *data); -void free_tcpall_label(const struct streaminfo *stream, int bridge_id, void *data); -void free_policy_label(const struct streaminfo *stream, int bridge_id, void *data); -void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data); -void free_gather_app_result(const struct streaminfo *stream, int bridge_id, void *data); +// init +int tsg_bridge_init(const char *conffile); -void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id); -int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data); +//send log +void *session_mac_linkinfo_get(const struct streaminfo * a_stream); +void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream); +void *session_business_data_get(const struct streaminfo * a_stream); +void *session_session_flags_get(const struct streaminfo * a_stream); +void *session_application_behavior_get(const struct streaminfo * a_stream); +void *session_mirrored_and_capture_packets_exec_result_get(const struct streaminfo * a_stream); +void *session_lua_user_defined_attribute_get(const struct streaminfo * a_stream); +void *session_nat_c2s_linkinfo_get(const struct streaminfo * a_stream); +void *session_nat_s2c_linkinfo_get(const struct streaminfo * a_stream); + +void *session_control_segment_ids_get(const struct streaminfo *a_stream); +int session_control_segment_ids_async(const struct streaminfo *a_stream, void *data); + +void session_matched_rules_free(const struct streaminfo * a_stream, TSG_SERVICE service, void * data); +int session_matched_rules_async(const struct streaminfo * a_stream, TSG_SERVICE service, void * data); +const struct matched_policy_rules *session_matched_rules_get(const struct streaminfo *a_stream, enum TSG_SERVICE service); +int session_capture_packets_sync(const struct streaminfo *a_stream, struct maat_rule *results, int depth); +int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_rule *results, struct mirrored_vlan *vlan); + +// security +void session_matched_rules_notify(const struct streaminfo * a_stream, TSG_SERVICE service, struct maat_rule *results, size_t n_results, int thread_seq); + +// session runtime attribute +int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol); +int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags); +int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream); +int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint); +int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size); + +//gather app identify result +int session_gather_app_results_async(const struct streaminfo * a_stream, void * data); +void *session_gather_app_results_get(const struct streaminfo * a_stream); + +// session runtime do action context +int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data); +const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream); +int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq); +int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq); +int srt_action_context_set_rule_method(const struct streaminfo * a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq); +int srt_action_context_set_after_n_packet(const struct streaminfo * a_stream, int after_n_packets, int thread_seq); +int srt_action_context_set_hitted_app_id(const struct streaminfo * a_stream, int hited_app_id, int thread_seq); + +char srt_action_context_get_direction(const struct streaminfo * a_stream); diff --git a/src/tsg_dns.cpp b/src/tsg_dns.cpp index 5f52262..f64cf3e 100644 --- a/src/tsg_dns.cpp +++ b/src/tsg_dns.cpp @@ -4,6 +4,7 @@ #include #include "tsg_entry.h" +#include "tsg_rule_internal.h" #include "tsg_protocol_common.h" static int random_integer(int max, int min) @@ -192,12 +193,9 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans } int used_len=0; - if(answer_records->record_val.selected_flag==1) { - char profile_id[128]={0}; - snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id); - struct dns_profile_records *profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id); + struct dns_profile_records *profile_records=(struct dns_profile_records *)matched_rule_cites_dns_profile_record(g_tsg_maat_feather, answer_records->record_val.selected.profile_id); if(profile_records==NULL) { return 0; @@ -208,19 +206,18 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl); (*answer_record_num)+=record_num; - dns_profile_records_free(0, (MAAT_PLUGIN_EX_DATA *)&profile_records, 0, NULL); + plugin_ex_data_dns_profile_record_free(profile_records); } else { (*answer_record_num)++; used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, &(answer_records->record_val), 1, answer_records->max_ttl, answer_records->min_ttl); } - return used_len; } -unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data) +unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data) { int ret=0,used_len=0,record_num=0; unsigned char raw_route_dir=0; diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 9a777ac..310147b 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -27,6 +28,7 @@ #include "tsg_send_log_internal.h" #include "tsg_ssl_utils.h" #include "tsg_ssh_utils.h" +#include "tsg_rule_internal.h" #include "tsg_protocol_common.h" #include "tsg_sync_state.h" @@ -53,7 +55,6 @@ static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; char TSG_MASTER_VERSION_20200805 = 0; const char *tsg_conffile="tsgconf/main.conf"; -g_tsg_para_t g_tsg_para; struct id2field g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, {0, TSG_FS2_UDP_LINKS, "udp_links"}, @@ -80,9 +81,9 @@ struct id2field g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links" {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"}, {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"}, {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"}, - {0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"}, - {0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"}, - {0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"}, + {0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"}, + {0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"}, + {0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"}, {0, TSG_FS2_ASN_ADD, "asn_add"}, {0, TSG_FS2_ASN_DEL, "asn_del"}, {0, TSG_FS2_GTPC_ADD, "gtpc_add"}, @@ -111,33 +112,6 @@ struct id2field g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links" {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"} }; -struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, - {PROTO_IPv4, 0, "IPV4"}, - {PROTO_IPv6, 0, "IPV6"}, - {PROTO_TCP, 0, "TCP"}, - {PROTO_UDP, 0, "UDP"}, - {PROTO_HTTP, 0, "HTTP"}, - {PROTO_MAIL, 0, "MAIL"}, - {PROTO_DNS, 0, "DNS"}, - {PROTO_FTP, 0, "FTP"}, - {PROTO_SSL, 0, "SSL"}, - {PROTO_SIP, 0, "SIP"}, - {PROTO_BGP, 0, "BGP"}, - {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"}, - {PROTO_QUIC, 0, "QUIC"}, - {PROTO_SSH, 0, "SSH"}, - {PROTO_SMTP, 0, "SMTP"}, - {PROTO_IMAP, 0, "IMAP"}, - {PROTO_POP3, 0, "POP3"}, - {PROTO_RTP, 0, "RTP"}, - {PROTO_APP, 0, "BASE"}, - {PROTO_L2TP, 0, "L2TP"}, - {PROTO_PPTP, 0, "PPTP"}, - {PROTO_STRATUM, 0, "Stratum"}, - {PROTO_RDP, 0, "RDP"}, - {PROTO_DTLS, 0, "DTLS"} - }; - #define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 static int init_page_template(const char *conffile) @@ -211,8 +185,8 @@ static int init_fs2_handle(const char *conffile) static int init_context(void **pme, int thread_seq) { - *pme=dictator_malloc(thread_seq, sizeof(struct master_context)); - memset(*pme, 0, sizeof(struct master_context)); + *pme=dictator_malloc(thread_seq, sizeof(struct session_runtime_process_context)); + memset(*pme, 0, sizeof(struct session_runtime_process_context)); return 0; } @@ -281,7 +255,7 @@ static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short)); if(ret<0) { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1); } else { @@ -369,42 +343,7 @@ static char get_direction(const struct streaminfo *a_stream) return direction; } -static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context) -{ - if(g_tsg_para.hit_path_switch==0) - { - return 0; - } - - char path_buff[1024*128]={0}; - int i=0, n_read=0, offset=0; - struct Maat_hit_path_t hit_path[1024]; - - n_read=Maat_get_scan_status(g_tsg_maat_feather, &(context->mid), MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path)); - for(i=0; irule_id); + if(maat_compile==NULL || maat_compile->user_region==NULL) { return 0; } - if(user_region->method_type==TSG_METHOD_TYPE_APP_DROP) + if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_APP_DROP) { - ret=1; + plugin_ex_data_security_compile_free(maat_compile); + return 1; } - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); - - return ret; + return 0; } -static int is_deny_after_N_packets(Maat_rule_t *p_result) +static int is_deny_after_N_packets(struct maat_rule *p_result) { - int ret=0; - struct compile_user_region *user_region=NULL; - - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - if(user_region==NULL) + struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id); + if(maat_compile==NULL || maat_compile->user_region==NULL) { return 0; } - if(user_region->method_type!=TSG_METHOD_TYPE_APP_DROP && user_region->method_type!=TSG_METHOD_TYPE_DROP) + if(maat_compile->user_region->method_type!=TSG_METHOD_TYPE_APP_DROP && maat_compile->user_region->method_type!=TSG_METHOD_TYPE_DROP) { return 0; } - if(user_region->deny!=NULL && user_region->deny->after_n_packets>0) + if(maat_compile->user_region->deny!=NULL && maat_compile->user_region->deny->after_n_packets>0) { - ret=1; - } - - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); - - return ret; -} - -long long get_current_time_ms(void) -{ - int size=sizeof(long long); - long long current_time_ms=0; - sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, ¤t_time_ms, &size); - - return current_time_ms; -} - -static int get_table_id(tsg_protocol_t protocol) -{ - switch(protocol) - { - case PROTO_HTTP: - return g_tsg_para.table_id[TABLE_HTTP_HOST]; - case PROTO_SSL: - return g_tsg_para.table_id[TABLE_SSL_SNI]; - case PROTO_QUIC: - return g_tsg_para.table_id[TABLE_QUIC_SNI]; - case PROTO_DTLS: - return g_tsg_para.table_id[TABLE_DTLS_SNI]; - default: - break; + plugin_ex_data_security_compile_free(maat_compile); + return 1; } - return -1; + return 0; } static int get_raw_packet_len(const struct streaminfo *a_stream) @@ -555,60 +458,55 @@ static int get_raw_packet_len(const struct streaminfo *a_stream) return raw_packet_len; } -static int get_default_para(const struct streaminfo *a_stream, int compile_id) +static int get_default_para(const struct streaminfo *a_stream) { int after_n_packets=0; - struct Maat_rule_t p_result={0}; - struct compile_user_region *user_region=NULL; - - p_result.config_id=compile_id; - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT) + long long compile_id=tsg_default_compile_id_get(); + struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, compile_id); + if(maat_compile!=NULL && maat_compile->user_region!=NULL && maat_compile->user_region->method_type==TSG_METHOD_TYPE_DEFAULT) { - if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY) + if(maat_compile->user_region->session_para!=NULL && maat_compile->user_region->session_para->result.action==TSG_ACTION_DENY) { switch(a_stream->type) { case STREAM_TYPE_TCP: - after_n_packets=user_region->session_para->tcp.after_n_packets; + after_n_packets=maat_compile->user_region->session_para->tcp.after_n_packets; break; case STREAM_TYPE_UDP: - after_n_packets=user_region->session_para->udp.after_n_packets; + after_n_packets=maat_compile->user_region->session_para->udp.after_n_packets; break; default: break; } } - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + plugin_ex_data_security_compile_free(maat_compile); } return after_n_packets; } -static int get_default_policy(int compile_id, struct Maat_rule_t *result) +static int get_default_policy(struct maat_rule *result) { - int ret=0; - struct Maat_rule_t p_result={0}; - struct compile_user_region *user_region=NULL; - - p_result.config_id=compile_id; - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - if(user_region!=NULL) + long long compile_id=tsg_default_compile_id_get(); + struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, compile_id); + if(maat_compile!=NULL && maat_compile->user_region!=NULL) { - if(user_region->method_type==TSG_METHOD_TYPE_DEFAULT) + if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_DEFAULT) { - if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY) + if(maat_compile->user_region->session_para!=NULL && maat_compile->user_region->session_para->result.action==TSG_ACTION_DENY) { - memcpy(result, &(user_region->session_para->result), sizeof(struct Maat_rule_t)); + memcpy(result, &(maat_compile->user_region->session_para->result), sizeof(struct maat_rule)); } - ret=1; + plugin_ex_data_security_compile_free(maat_compile); + return 1; } - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + + plugin_ex_data_security_compile_free(maat_compile); } - return ret; + return 0; } static int get_packet_sequence(const struct streaminfo *a_stream) @@ -656,157 +554,7 @@ static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_p return 0; } -int set_hited_app_id(const struct streaminfo *a_stream, unsigned int hited_app_id) -{ - struct gather_app_result *gather_result=NULL; - - gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); - if(gather_result==NULL) - { - return 0; - } - - gather_result[ORIGIN_HITED_APP].app_num=1; - gather_result[ORIGIN_HITED_APP].origin=ORIGIN_HITED_APP; - gather_result[ORIGIN_HITED_APP].attributes[0].app_id=hited_app_id; - gather_result[ORIGIN_HITED_APP].attributes[0].surrogate_id=0; - - return 1; -} - -static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct master_context *context, int thread_seq) -{ - tsg_log_t log_msg; - char *domain_field_name=NULL; - char *schema_field_name=NULL; - char *quic_ua_field_name=NULL; - char *quic_version_field_name=NULL; - struct TLD_handle_t *TLD_handle=NULL; - tsg_protocol_t proto=PROTO_UNKONWN; - struct tsg_conn_sketch_notify_data *notify=NULL; - if(context!=NULL) - { - proto=context->proto; - } - - log_msg.a_stream=(struct streaminfo *)a_stream; - log_msg.result=p_result; - log_msg.result_num=result_num; - - if(p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id>=0) - { - switch(proto) - { - case PROTO_SSH: - case PROTO_RDP: - case PROTO_STRATUM: - notify=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id); - if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM || notify->protocol== PROTO_RDP)) - { - TLD_handle = TLD_duplicate(notify->pdata.TLD_handle); - if (TLD_handle!=NULL) - { - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); - tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq); - return 1; - } - } - break; - default: - break; - } - } - - TLD_handle=TLD_create(thread_seq); - schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); - - if(proto>PROTO_UNKONWN && protodomain!=NULL) - { - switch(proto) - { - case PROTO_HTTP: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - - if(context->http_url!=NULL) - { - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_URL); - TLD_append(TLD_handle, domain_field_name, (void *)context->http_url, TLD_TYPE_STRING); - } - break; - case PROTO_SSL: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - break; - case PROTO_QUIC: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - break; - case PROTO_DTLS: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_DTLS_SNI); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - break; - default: - break; - } - } - - if(context!=NULL && context->quic_version>0) - { - char quic_version[64]={0}; - if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version))) - { - quic_version_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_VERSION); - TLD_append(TLD_handle, quic_version_field_name, (void *)quic_version, TLD_TYPE_STRING); - } - - if(context->quic_ua!=NULL) - { - quic_ua_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_USER_AGENT); - TLD_append(TLD_handle, quic_ua_field_name, (void *)context->quic_ua, TLD_TYPE_STRING); - } - } - } - else - { - TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING); - } - - if(context!=NULL && context->hited_app_id>0) - { - set_hited_app_id(a_stream, context->hited_app_id); - } - - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); - - if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID) - { - tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq); - } - - return 1; -} - -static int tsg_proto_name2flag(char *proto_list, int *flag) +static int protocol_name2flag(char *proto_list, int *flag) { char *e=NULL; char *s=proto_list; @@ -847,13 +595,27 @@ static char *malloc_copy_string(char *origin, int length, int thread_seq) return dest; } -int copy_app_result(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence) +int device_id_set_telegraf(char *device_sn) { - if(identify_result->app_id_num<=gather_result->app_num) + if(device_sn) { - return 0; + FILE *fp=fopen("/etc/default/telegraf", "wb"); + if(fp) + { + char buff[128]={0}; + snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); + fwrite(buff, strlen(buff), 1, fp); + fclose(fp); + fp=NULL; + return 0; + } } - + + return -1; +} + +int app_gather_results_update(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence) +{ gather_result->app_num=0; for(int i=0; (i < identify_result->app_id_num) && iapp_num < MAX_APP_ID_NUM); i++) { @@ -867,7 +629,7 @@ int copy_app_result(struct gather_app_result *gather_result, struct app_identify return 0; } -static int l7_protocol_mapper(const char *conffile) +static int l7_protocol_mapper_init(const char *conffile) { int ret=0; FILE *fp=NULL; @@ -910,117 +672,29 @@ static int l7_protocol_mapper(const char *conffile) return 1; } -char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id) -{ - struct l7_protocol *l7_proto=NULL; - HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto); - if(l7_proto!=NULL) - { - return l7_proto->name; - } - - return NULL; -} - -unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name) +static int srt_process_context_set_l7_protocol(struct session_runtime_process_context *srt_process_context, unsigned int app_id) { - struct l7_protocol *l7_proto=NULL; - - HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto); - if(l7_proto!=NULL) - { - return l7_proto->id; - } - - return 0; -} - -static int set_l7_protocol_to_pme(struct master_context *context, unsigned int app_id) -{ - char *l7_protocol_name=tsg_l7_protocol_id2name(app_id); + const char *l7_protocol_name=tsg_l7_protocol_id2name(app_id); if(l7_protocol_name!=NULL) { for(int i=PROTO_HTTP; iproto=(tsg_protocol_t)g_tsg_proto_name2id[i].type; + srt_process_context->proto=(enum TSG_PROTOCOL)g_tsg_proto_name2id[i].type; return 1; } } } - context->proto=PROTO_APP; + srt_process_context->proto=PROTO_APP; return 0; } -int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq) +static int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol) { - if(domain!=NULL) - { - scan_status_t mid=NULL; - struct Maat_rule_t tmp_result; - int ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq); - if(mid!=NULL) - { - Maat_clean_status(&mid); - mid=NULL; - } - - if(ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "EXCLUSION_SSL_SNI", - "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s", - domain, - tmp_result.config_id, - tmp_result.service_id, - (unsigned char)tmp_result.action, - p_result->config_id, - p_result->service_id, - (unsigned char)p_result->action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return 1; - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "EXCLUSION_SSL_SNI", - "Not hit %s stream_dir: %d addr: %s scan ret: %d", - domain, - a_stream->dir, - PRINTADDR(a_stream, g_tsg_para.level), - ret - ); - } - - return 0; -} - -static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq) -{ - int scan_ret=0; - struct session_attribute_label *attribute_label=NULL; - - attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); - if(attribute_label!=NULL && domain!=NULL && table_id>=0) - { - attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq); - scan_ret=tsg_scan_fqdn_category_id(g_tsg_maat_feather, a_stream, result, result_num, mid, table_id, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num, thread_seq); - } - - return scan_ret; -} - -static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol_t protocol) -{ - struct gather_app_result *gather_result=NULL; - - gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); if(gather_result!=NULL) { return 0; @@ -1028,7 +702,7 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX); memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result); + session_gather_app_results_async(a_stream, (void *)gather_result); int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); if(app_id>0) @@ -1043,124 +717,44 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol return 0; } -int set_after_n_packet_to_tcpall(const struct streaminfo *a_stream, int after_n_packets, int thread_seq) +int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_stream, unsigned int hited_app_id) { - struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(_context==NULL) + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); + if(gather_result==NULL) { - _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); + return 0; } - - _context->hited_para.after_n_packets=after_n_packets; - return 1; -} - -int set_hited_app_id_to_tcpall(const struct streaminfo *a_stream, int hited_app_id, int thread_seq) -{ - struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(_context==NULL) - { - _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); - } - - _context->hited_para.hited_app_id=hited_app_id; - - return 1; -} - -int set_protocol_to_tcpall(const struct streaminfo *a_stream, tsg_protocol_t protocol, int thread_seq) -{ - struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(_context==NULL) - { - _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); - } - - _context->protocol=protocol; - - return 1; -} - -int set_method_to_tcpall(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq) -{ - struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(_context==NULL) - { - _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); - } - - switch(_context->method_type) - { - case TSG_METHOD_TYPE_UNKNOWN: - case TSG_METHOD_TYPE_DEFAULT: - case TSG_METHOD_TYPE_MIRRORED: - _context->method_type=method_type; - break; - default: - return 0; - break; - } + gather_result[ORIGIN_HITED_APP].app_num=1; + gather_result[ORIGIN_HITED_APP].origin=ORIGIN_HITED_APP; + gather_result[ORIGIN_HITED_APP].attributes[0].app_id=hited_app_id; + gather_result[ORIGIN_HITED_APP].attributes[0].surrogate_id=0; return 1; } -int set_bucket_to_tcpall(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq) +int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream, unsigned char state) { - struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(_context==NULL) + struct segment_id_list sid_list={0}; + + if(g_tsg_para.service_chaining_sid>0) { - _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); + sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.service_chaining_sid; } - switch(_context->method_type) + if(g_tsg_para.shaping_sid>0) { - case TSG_METHOD_TYPE_RATE_LIMIT: - return 1; - break; - case TSG_METHOD_TYPE_DEFAULT: - case TSG_METHOD_TYPE_UNKNOWN: - break; - default: - return 0; - break; + sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.shaping_sid; } - _context->method_type=TSG_METHOD_TYPE_RATE_LIMIT; - _context->bucket=bucket; - - return 1; -} - -char get_direction_from_tcpall(const struct streaminfo *a_stream) -{ - struct tcpall_context *context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); - if(context!=NULL) + if(sid_list.sz_sidlist==0) { - return context->direction; + return 0; } - return -1; -} - -static int send_control_packet_in_pending(const struct streaminfo *a_stream, unsigned char state) -{ - unsigned long long trace_id=tsg_get_stream_id((struct streaminfo *)a_stream); + unsigned long long trace_id=tsg_get_stream_trace_id((struct streaminfo *)a_stream); MESA_set_stream_opt(a_stream, MSO_STREAM_SET_DATAMETA_TRACE_ID, (void *)&trace_id, sizeof(unsigned long long)); - struct segment_id_list sid_list={0}; - sid_list.sid_list[0]=(unsigned short)g_tsg_para.service_chaining_sid; - sid_list.sz_sidlist=1; MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); if(g_tsg_para.send_resetall==0) @@ -1171,366 +765,288 @@ static int send_control_packet_in_pending(const struct streaminfo *a_stream, uns FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_RESETALL], 0, FS_OP_ADD, 1); } } - - tsg_sync_opening_state(a_stream, state); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_OPENING], 0, FS_OP_ADD, 1); - sid_list.sz_sidlist=0; - MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); - - return 0; -} - -static int send_control_packet_in_closing(const struct streaminfo *a_stream, unsigned char state) -{ - unsigned long long trace_id=tsg_get_stream_id((struct streaminfo *)a_stream); - MESA_set_stream_opt(a_stream, MSO_STREAM_SET_DATAMETA_TRACE_ID, (void *)&trace_id, sizeof(unsigned long long)); - - struct segment_id_list sid_list={0}; - sid_list.sid_list[0]=(unsigned short)g_tsg_para.service_chaining_sid; - sid_list.sz_sidlist=1; - MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); - - tsg_sync_closing_state(a_stream, state); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_CLOSING], 0, FS_OP_ADD, 1); - - sid_list.sz_sidlist=0; - MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); - return 0; -} - -void set_s_chaining_result_to_bridge(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq) -{ - if(p_result==NULL || p_result_num==0) + switch(state) { - return ; - } - - struct tm_hited_result *hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id); - if(hited_s_chaining==NULL) - { - hited_s_chaining=(struct tm_hited_result *)dictator_malloc(thread_seq, sizeof(struct tm_hited_result)); - memset(hited_s_chaining, 0, sizeof(struct tm_hited_result)); - } - - int inc_result_num=0; - struct Maat_rule_t *inc_result=&(hited_s_chaining->result[hited_s_chaining->result_num]); - int num=MIN(MAX_RESULT_NUM-hited_s_chaining->result_num, p_result_num); - for(int i=0; iresult_num+inc_result_num; j++) - { - if(p_result[i].config_id==hited_s_chaining->result[j].config_id) - { - repeat_result=1; - break; - } - } - - if(repeat_result==0) - { - memcpy(&(inc_result[inc_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t)); - } - } - - if(inc_result_num==0) - { - return ; - } - - if(hited_s_chaining->sid!=g_tsg_para.service_chaining_sid) - { - struct segment_id_list sid_list={0}; - sid_list.sid_list[0]=(unsigned short)g_tsg_para.service_chaining_sid; - sid_list.sz_sidlist=1; - MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); - hited_s_chaining->sid=g_tsg_para.service_chaining_sid; - } - - struct update_policy policy_array; - policy_array.id_num=inc_result_num; - policy_array.type=POLICY_UPDATE_SERVICE_CHAINING; - - for(int i=0; iresult_num+=inc_result_num; - int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining); - if(ret<0) - { - free_shaping_result(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining); - return ; - } - - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_S_CHAINING], 0, FS_OP_ADD, inc_result_num); - set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq); -} - -int tsg_notify_hited_s_chaining_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq) -{ - set_s_chaining_result_to_bridge(a_stream, result, result_num, thread_seq); - return 0; -} - -static void set_shaping_result_to_bridge(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq) -{ - if(p_result==NULL || p_result_num==0) - { - return ; - } - - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - if(shaping_label==NULL) - { - shaping_label=(struct notify_shaping_policy *)dictator_malloc(thread_seq, sizeof(struct notify_shaping_policy)); - memset(shaping_label, 0, sizeof(struct notify_shaping_policy)); - } - - int inc_result_num=0; - struct Maat_rule_t *inc_result=&(shaping_label->shaping_result[shaping_label->shaping_result_num]); - int num=MIN(MAX_RESULT_NUM-shaping_label->shaping_result_num, p_result_num); - for(int i=0; ishaping_result_num+inc_result_num; j++) - { - if(p_result[i].config_id==shaping_label->shaping_result[j].config_id) - { - repeat_result=1; - break; - } - } - - if(repeat_result==0) - { - memcpy(&(inc_result[inc_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t)); - } - } - - if(inc_result_num==0) - { - return ; - } - - struct notify_shaping_policy sync_result={0, {0}}; - sync_result.shaping_result_num=inc_result_num; - memcpy(sync_result.shaping_result, inc_result, inc_result_num*sizeof(struct Maat_rule_t)); - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)&sync_result); - - shaping_label->shaping_result_num+=inc_result_num; - int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); - if(ret<0) - { - free_shaping_result(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); - return ; - } - - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, inc_result_num); - set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq); -} - -int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq) -{ - set_shaping_result_to_bridge(a_stream, result, result_num, thread_seq); - return 0; -} - -int set_log_field_to_project(const struct streaminfo * a_stream, char *domain, void *para, tsg_protocol_t proto, int thread_seq) -{ - struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(priority_label==NULL) - { - priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); - memset(priority_label, 0, sizeof(struct policy_priority_label)); - - int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - if(ret<0) - { - free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - } - } - - priority_label->proto=proto; - if(domain!=NULL) - { - priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(domain)); - memcpy(priority_label->domain, domain, priority_label->domain_len); - } - - if(para!=NULL) - { - int length=strlen((const char*)para); - priority_label->para=dictator_malloc(thread_seq,length+1); - memcpy(priority_label->para, para, length); - ((char *)priority_label->para)[length]='\0'; - } - - return 0; -} - -static void set_security_result_to_bridge(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq) -{ - if(p_result==NULL || p_result_num==0) - { - return ; - } - - struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(priority_label==NULL) - { - priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); - memset(priority_label, 0, sizeof(struct policy_priority_label)); - priority_label->result_type=result_type; - - int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - if(ret<0) - { - free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - } - } - - if(priority_label->result_type!=result_type) - { - if(p_result[0].actionsecurity_result[0].action) - { - return ; - } - - if(p_result[0].action>priority_label->security_result[0].action) - { - priority_label->security_result_num=0; - } - - priority_label->result_type=result_type; - } - - int num=MIN(MAX_RESULT_NUM-priority_label->security_result_num, p_result_num); - for(int i=0; isecurity_result_num; j++) - { - if(p_result[i].config_id==priority_label->security_result[j].config_id) - { - repeat_result=1; - break; - } - } - - if(repeat_result==0) - { - memcpy(&(priority_label->security_result[priority_label->security_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t)); - } - } - - return ; -} - -int tsg_notify_hited_security_result(const struct streaminfo * a_stream, struct Maat_rule_t * p_result, int p_result_num, int thread_seq) -{ - set_security_result_to_bridge(a_stream, p_result, p_result_num, PULL_FW_RESULT, thread_seq); - return 0; -} - - -void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq) -{ - unsigned long long create_time=0; - unsigned long long current_time=0; - int ret=0,size=sizeof(create_time); - struct _ssl_ja3_info_t *ja3_info=NULL; - struct session_attribute_label *attribute_label=NULL; - - attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); - if(attribute_label==NULL) - { - attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label)); - memset(attribute_label, 0, sizeof(struct session_attribute_label)); - - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label); - if(ret<0) - { - dictator_free(thread_seq, (void *)attribute_label); - attribute_label=NULL; - return ; - } - } - - switch(type) - { - case TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY: - ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size); - if(ret<0) - { - break; - } - - size=sizeof(current_time); - ret=sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, (void *)¤t_time, &size); - if(ret<0) - { - break; - } - - attribute_label->establish_latency_ms=current_time-create_time; + case OP_STATE_PENDING: + tsg_sync_opening_state(a_stream, state); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_OPENING], 0, FS_OP_ADD, 1); break; - case TSG_ATTRIBUTE_TYPE_PROTOCOL: - attribute_label->proto=(tsg_protocol_t)(*(int *)value); - break; - case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE: - attribute_label->http_action_file_size=(*(int *)value); - break; - case TSG_ATTRIBUTE_TYPE_JA3_HASH: - ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); - if(ja3_info!=NULL) - { - if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0) - { - attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); - memset(attribute_label->ja3_fingerprint, 0, ja3_info->fp_len+1); - memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); - } - } - break; - case TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO: - tsg_get_umts_user_info(a_stream, &(attribute_label->user_info)); - break; - case TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID: - tsg_get_subscribe_id(a_stream, &attribute_label->client_subscribe_id, &attribute_label->server_subscribe_id); - break; - case TSG_ATTRIBUTE_TYPE_ASN: - tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); - tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); - break; - case TSG_ATTRIBUTE_TYPE_LOCATION: - tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); - tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); - break; - case TSG_ATTRIBUTE_TYPE_CATEGORY_ID: - if(value_len<=0 || value_len>MAX_CATEGORY_ID_NUM) - { - break; - } - memcpy(attribute_label->fqdn_category_id, value, sizeof(unsigned int)*value_len); - attribute_label->fqdn_category_id_num=value_len; - break; - case TSG_ATTRIBUTE_TYPE_SESSION_FLAGS: - attribute_label->session_flags=*(unsigned long *)(value); + case OP_STATE_CLOSE: + tsg_sync_closing_state(a_stream, state); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_CLOSING], 0, FS_OP_ADD, 1); break; default: break; } - return ; + sid_list.sz_sidlist=0; + MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); + + return 1; } -static char set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr) +size_t matched_rules_increase_in_avtiving(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules) +{ + size_t n_inc_rules_offset=0; + size_t num=MIN(MAX_RESULT_NUM-matched_rules->n_rules, n_new_rules); + for(size_t i=0; in_rules+n_inc_rules_offset; j++) + { + if((new_rules[i].rule_id==matched_rules->rules[j].rule_id) || (new_rules[i].rule_id==inc_rules[j].rule_id)) + { + repeat_rule=1; + break; + } + } + + if(repeat_rule==0 && n_inc_rules>n_inc_rules_offset) + { + memcpy(&(inc_rules[n_inc_rules_offset++]), &(new_rules[i]), sizeof(struct maat_rule)); + } + } + + return n_inc_rules_offset; +} + +int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *inc_rules, size_t n_inc_rules) +{ + unsigned short segment_id=0; + enum policy_type p_type=POLICY_UPDATE_MAX; + switch(service) + { + case TSG_SERVICE_CHAINING: + p_type=POLICY_UPDATE_SERVICE_CHAINING; + segment_id=(unsigned short)g_tsg_para.service_chaining_sid; + break; + case TSG_SERVICE_SHAPING: + p_type=POLICY_UPDATE_SHAPING; + segment_id=(unsigned short)g_tsg_para.shaping_sid; + break; + default: + return 0; + } + + if(segment_id==0) + { + return 0; + } + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(a_stream); + if(segment_ids==NULL) + { + segment_ids=(struct segment_id_list *)dictator_malloc(a_stream->threadnum, sizeof(struct segment_id_list)); + memset(segment_ids, 0, sizeof(struct segment_id_list)); + } + + int add_sid=1; + for(size_t i=0; isz_sidlist; i++) + { + if(segment_ids->sid_list[i]==segment_id) + { + add_sid=0; + break; + } + } + + if(add_sid==1) + { + segment_ids->sid_list[segment_ids->sz_sidlist++]=segment_id; + } + + struct segment_id_list sid_list; + sid_list.sz_sidlist=1; + sid_list.sid_list[0]=segment_id; + MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list)); + + struct update_policy policy_array; + policy_array.n_ids=n_inc_rules; + policy_array.type=p_type; + + for(size_t i=0; in_rules); + if(n_inc_results==0) + { + return 0; + } + + int ret=session_set_segment_id_in_activing(a_stream, service, inc_rules, n_inc_results); + if(ret==0) + { + return 0; + } + + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_ACTIVE], 0, FS_OP_ADD, 1); + + memcpy(matched_rules->rules+matched_rules->n_rules, inc_rules, n_inc_results*sizeof(struct maat_rule)); + matched_rules->n_rules+=n_inc_results; + ret=session_matched_rules_async(a_stream, service, (void *)matched_rules); + if(ret<0) + { + session_matched_rules_free(a_stream, service, (void *)matched_rules); + return 0; + } + + return 1; +} + +static int session_runtime_process_log_send(const struct streaminfo *a_stream, struct maat_rule *rules, int n_rules, struct session_runtime_process_context *srt_process_context, int thread_seq) +{ + char *domain_field_name=NULL; + char *schema_field_name=NULL; + char *quic_ua_field_name=NULL; + char *quic_version_field_name=NULL; + struct TLD_handle_t *TLD_handle=NULL; + enum TSG_PROTOCOL proto=PROTO_UNKONWN; + struct tsg_conn_sketch_notify_data *notify=NULL; + if(srt_process_context!=NULL) + { + proto=srt_process_context->proto; + } + + if(rules[0].action==TSG_ACTION_MONITOR) + { + switch(proto) + { + case PROTO_SSH: + case PROTO_RDP: + case PROTO_STRATUM: + notify=(struct tsg_conn_sketch_notify_data *)session_conn_sketch_notify_data_get(a_stream); + if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM || notify->protocol== PROTO_RDP)) + { + TLD_handle = TLD_duplicate(notify->pdata.TLD_handle); + if (TLD_handle!=NULL) + { + tsg_send_log(g_tsg_log_instance, TLD_handle, a_stream, LOG_TYPE_SECURITY_EVENT, rules, n_rules, thread_seq); + tsg_set_policy_flow(a_stream, rules, thread_seq); + return 1; + } + } + break; + default: + break; + } + } + + TLD_handle=TLD_create(thread_seq); + schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); + + if(proto>PROTO_UNKONWN && protodomain!=NULL) + { + switch(proto) + { + case PROTO_HTTP: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST); + TLD_append(TLD_handle, domain_field_name, (void *)srt_process_context->domain, TLD_TYPE_STRING); + + if(srt_process_context->http_url!=NULL) + { + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_URL); + TLD_append(TLD_handle, domain_field_name, (void *)srt_process_context->http_url, TLD_TYPE_STRING); + } + break; + case PROTO_SSL: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI); + TLD_append(TLD_handle, domain_field_name, (void *)srt_process_context->domain, TLD_TYPE_STRING); + break; + case PROTO_QUIC: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI); + TLD_append(TLD_handle, domain_field_name, (void *)srt_process_context->domain, TLD_TYPE_STRING); + break; + case PROTO_DTLS: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_DTLS_SNI); + TLD_append(TLD_handle, domain_field_name, (void *)srt_process_context->domain, TLD_TYPE_STRING); + break; + default: + break; + } + } + + if(srt_process_context!=NULL && srt_process_context->quic_version>0) + { + char quic_version[64]={0}; + if(quic_version_int2string(srt_process_context->quic_version, quic_version, sizeof(quic_version))) + { + quic_version_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_VERSION); + TLD_append(TLD_handle, quic_version_field_name, (void *)quic_version, TLD_TYPE_STRING); + } + + if(srt_process_context->quic_ua!=NULL) + { + quic_ua_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_USER_AGENT); + TLD_append(TLD_handle, quic_ua_field_name, (void *)srt_process_context->quic_ua, TLD_TYPE_STRING); + } + } + } + else + { + TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING); + } + + if(srt_process_context!=NULL && srt_process_context->hited_app_id>0) + { + session_app_gather_results_update_matched_app_id(a_stream, srt_process_context->hited_app_id); + } + + tsg_send_log(g_tsg_log_instance, TLD_handle, a_stream, LOG_TYPE_SECURITY_EVENT, rules, n_rules, thread_seq); + + if(rules->rule_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID) + { + tsg_set_policy_flow(a_stream, rules, thread_seq); + } + + return 1; +} + +static char session_tcp_establish_latency_ms_set(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr) { struct tcphdr *tcp=NULL; @@ -1541,10 +1057,10 @@ static char set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thr switch(a_tcp->addr.addrtype) { - case ADDR_TYPE_IPV4: - tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP); + case ADDR_TYPE_IPV4: + tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP); break; - case ADDR_TYPE_IPV6: + case ADDR_TYPE_IPV6: tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V6, ADDR_TYPE_TCP); break; default: @@ -1554,126 +1070,36 @@ static char set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thr if((tcp!=NULL) && !(tcp->syn)) { - set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY, NULL, 0, a_tcp->threadnum); + srt_attribute_set_establish_latecy(a_tcp); return 1; } return 0; } -int tsg_set_device_id_to_telegraf(char *device_sn) +struct maat_rule *matched_rules_decision_criteria(struct maat_rule *rules, size_t n_rules) { - if(device_sn) - { - FILE *fp=fopen("/etc/default/telegraf", "wb"); - if(fp) - { - char buff[128]={0}; - snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); - fwrite(buff, strlen(buff), 1, fp); - fclose(fp); - fp=NULL; - return 0; - } - } + struct maat_rule *p_result=NULL; - return -1; -} - -static void free_session_attribute_label(int thread_seq, void *project_req_value) -{ - struct session_attribute_label *label=(struct session_attribute_label *)project_req_value; - - if(label!=NULL) - { - if(label->client_asn!=NULL) - { - ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); - label->client_asn=NULL; - } - - if(label->server_asn!=NULL) - { - ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); - label->server_asn=NULL; - } - - if(label->client_location!=NULL) - { - location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); - label->client_location=NULL; - } - - if(label->server_location!=NULL) - { - location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); - label->server_location=NULL; - } - - if(label->client_subscribe_id!=NULL) - { - subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); - label->client_subscribe_id=NULL; - } - - if(label->server_subscribe_id!=NULL) - { - subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger); - label->server_subscribe_id=NULL; - } - - if(label->ja3_fingerprint!=NULL) - { - dictator_free(thread_seq, (void *)label->ja3_fingerprint); - label->ja3_fingerprint=NULL; - } - - if(label->user_info!=NULL) - { - gtp_c_free_data(0, (MAAT_PLUGIN_EX_DATA *)&label->user_info, 0, g_tsg_para.logger); - label->user_info=NULL; - } - - if(label->client_endpoint!=NULL) - { - tunnel_endpoint_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_endpoint, 0, g_tsg_para.logger); - label->client_endpoint=NULL; - } - - if(label->server_endpoint!=NULL) - { - tunnel_endpoint_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_endpoint, 0, g_tsg_para.logger); - label->server_endpoint=NULL; - } - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - -struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) -{ - int i=0; - Maat_rule_t *p_result=NULL; - - for(i=0; i(unsigned char)p_result->action) + if((unsigned char)rules[i].action>(unsigned char)p_result->action) { - p_result=&result[i]; + p_result=&rules[i]; continue; } - if(result[i].action==p_result->action) + if(rules[i].action==p_result->action) { - if(result[i].config_id>p_result->config_id) + if(rules[i].rule_id>p_result->rule_id) { - p_result=&result[i]; + p_result=&rules[i]; } } } @@ -1681,7 +1107,7 @@ struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result return p_result; } -static int identify_application_protocol(const struct streaminfo *a_stream, struct master_context *context, void *a_packet) +static int session_l7_protocol_idnetify(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, void *a_packet) { int ret=0; @@ -1694,12 +1120,12 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru void *parser_result=http_field_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir); if(parser_result!=NULL) { - context->proto=PROTO_HTTP; + srt_process_context->proto=PROTO_HTTP; int length=http_get_filed_result(parser_result, HTTP_HOST, &host); - context->domain=malloc_copy_string(host, length, a_stream->threadnum); + srt_process_context->http_host=malloc_copy_string(host, length, a_stream->threadnum); length=http_get_filed_result(parser_result, HTTP_MESSAGE_URL, &url); - context->http_url=malloc_copy_string(url, length, a_stream->threadnum); + srt_process_context->http_url=malloc_copy_string(url, length, a_stream->threadnum); http_free_filed_result(parser_result); return 1; @@ -1714,19 +1140,19 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status); if(chello_status==CHELLO_PARSE_SUCCESS) { - context->proto=PROTO_SSL; + srt_process_context->proto=PROTO_SSL; if(chello->sni!=NULL) { - context->domain=malloc_copy_string(chello->sni, strlen(chello->sni), a_stream->threadnum); + srt_process_context->ssl_sni=malloc_copy_string(chello->sni, strlen(chello->sni), a_stream->threadnum); } - context->is_esni=(int)chello->is_encrypt_sni; + srt_process_context->is_esni=(int)chello->is_encrypt_sni; ssl_chello_free(chello); return 1; } - ssl_chello_free(chello); + ssl_chello_free(chello); } if(g_tsg_para.proto_flag&(1<0) { - context->proto=PROTO_FTP; + srt_process_context->proto=PROTO_FTP; return 1; } ret=ftp_data_identify((struct streaminfo *)a_stream); if(ret>0) { - context->proto=PROTO_FTP; + srt_process_context->proto=PROTO_FTP; return 1; } } @@ -1754,15 +1180,15 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru switch(ret) { case SMTP_PROTOCOL: - context->proto=PROTO_SMTP; + srt_process_context->proto=PROTO_SMTP; return 1; break; case POP3_PROTOCOL: - context->proto=PROTO_POP3; + srt_process_context->proto=PROTO_POP3; return 1; break; case IMAP_PROTOCOL: - context->proto=PROTO_IMAP; + srt_process_context->proto=PROTO_IMAP; return 1; break; default: @@ -1776,7 +1202,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger); if(ret > 0) { - context->proto=PROTO_SSH; + srt_process_context->proto=PROTO_SSH; return 1; } } @@ -1786,7 +1212,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru ret=stratum_identify((struct streaminfo *)a_stream, NULL, a_stream->threadnum, a_packet); if(ret==IS_STRATUM) { - context->proto=PROTO_STRATUM; + srt_process_context->proto=PROTO_STRATUM; return 1; } } @@ -1796,7 +1222,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru ret=rdp_protocol_identify((const char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, (unsigned int)a_stream->threadnum); if(ret==1) { - context->proto=PROTO_RDP; + srt_process_context->proto=PROTO_RDP; return 1; } } @@ -1807,7 +1233,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru { if(is_dns_protocol(a_stream)) { - context->proto=PROTO_DNS; + srt_process_context->proto=PROTO_DNS; return 1; } } @@ -1817,12 +1243,12 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru char ua_buff[512]={0}; char sni_buff[512]={0}; int sni_len=sizeof(sni_buff),ua_len=sizeof(ua_buff); - context->quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len); - if(context->quic_version > 0) + srt_process_context->quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len); + if(srt_process_context->quic_version > 0) { - context->proto=PROTO_QUIC; - context->domain=malloc_copy_string(sni_buff, sni_len, a_stream->threadnum); - context->quic_ua=malloc_copy_string(ua_buff, ua_len, a_stream->threadnum); + srt_process_context->proto=PROTO_QUIC; + srt_process_context->quic_sni=malloc_copy_string(sni_buff, sni_len, a_stream->threadnum); + srt_process_context->quic_ua=malloc_copy_string(ua_buff, ua_len, a_stream->threadnum); return 1; } } @@ -1835,7 +1261,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru sip_ret=sip_identify_from_to((char *)a_stream->pudpdetail->pdata, (unsigned int)a_stream->pudpdetail->datalen, &from, &from_len, &to, &to_len); if(sip_ret==SIP_TRUE) { - context->proto=PROTO_SIP; + srt_process_context->proto=PROTO_SIP; return 1; } } @@ -1845,7 +1271,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru ret=rdpudp_protocol_identify((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, (unsigned int)a_stream->threadnum); if(ret==1) { - context->proto=PROTO_RDP; + srt_process_context->proto=PROTO_RDP; return 1; } } @@ -1857,11 +1283,11 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru { char sni_buff[512]={0}; int sni_len=sizeof(sni_buff); - context->proto = PROTO_DTLS; + srt_process_context->proto = PROTO_DTLS; ret = dtls_parse_sni((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, sni_buff, sni_len); if (ret == 0 && strlen(sni_buff) > 0) { - context->domain = malloc_copy_string(sni_buff, sni_len, a_stream->threadnum); + srt_process_context->dtls_sni = malloc_copy_string(sni_buff, sni_len, a_stream->threadnum); return 1; } } @@ -1871,49 +1297,58 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru break; } - if(context->protoproto>PROTO_MAX) + if(srt_process_context->protoproto>PROTO_MAX) { - context->proto = PROTO_UNKONWN; + srt_process_context->proto = PROTO_UNKONWN; } return ret; } -int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct gather_app_result *identify_result, int thread_seq) + +static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *results, size_t n_result) { - int i=0,hit_num=0; + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute!=NULL && domain!=NULL && table_idx>=0) + { + srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM); + return tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids, table_idx, s_mid, results, n_result); + } + + return 0; +} + +size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, struct maat_rule *results, size_t n_results, struct session_runtime_process_context *srt_process_context, struct gather_app_result *identify_result, int thread_seq) +{ + size_t hit_num=0; int hited_app_id=0; int after_n_packets=0; - char *name=NULL; - char app_id_buff[32]={0}; - struct app_id_dict *dict=NULL; - struct Maat_rule_t *p_result, *d_result=NULL; + struct maat_rule *p_result, *d_result=NULL; - for(i=0; i< identify_result->app_num; i++) + for(int i=0; i< identify_result->app_num; i++) { - snprintf(app_id_buff, sizeof(app_id_buff), "%u", identify_result->attributes[i].app_id); - dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)identify_result->attributes[i].app_id); if(dict!=NULL) { - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->risk, (char *)"risk", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->category, (char *)"category", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->technology, (char *)"technology", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq); - - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->attributes[i].app_id, thread_seq); + hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->risk, (char *)"risk", (srt_process_context->mid), results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->category, (char *)"category", (srt_process_context->mid), results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->technology, (char *)"technology", (srt_process_context->mid), results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->subcategory, (char *)"subcategory", (srt_process_context->mid), results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->characteristics, (char *)"characteristics", (srt_process_context->mid), results+hit_num, n_results-hit_num); + + hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, identify_result->attributes[i].app_id, (srt_process_context->mid), results+hit_num, n_results-hit_num); after_n_packets=dict->deny_app_para.after_n_packets; - set_app_timeout(a_stream, dict, &(context->timeout)); - app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + set_app_timeout(a_stream, dict, &(srt_process_context->timeout)); + + plugin_ex_data_app_id_dict_free(dict); } else { - name=tsg_l7_protocol_id2name(identify_result->attributes[i].app_id); - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->attributes[i].app_id, thread_seq); + hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, identify_result->attributes[i].app_id, (srt_process_context->mid), results+hit_num, n_results-hit_num); } - p_result=tsg_fetch_deny_rule(result, hit_num); + p_result=tsg_select_deny_rule(results, hit_num); if(d_result==NULL) { d_result=p_result; @@ -1921,7 +1356,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct continue; } - if(d_result->config_id!=p_result->config_id) + if(d_result->rule_id!=p_result->rule_id) { d_result=p_result; hited_app_id=identify_result->attributes[i].app_id; @@ -1932,208 +1367,218 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct { if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL) { - context->hited_app_id=hited_app_id; + srt_process_context->hited_app_id=hited_app_id; } - context->hited_para.hited_app_id=hited_app_id; - context->hited_para.after_n_packets=after_n_packets; + srt_process_context->hited_para.hited_app_id=hited_app_id; + srt_process_context->hited_para.after_n_packets=after_n_packets; } else { - if(identify_result->origin==ORIGIN_BASIC_PROTOCOL && after_n_packets>0) //for tsg_protocol_t + if(identify_result->origin==ORIGIN_BASIC_PROTOCOL && after_n_packets>0) //for enum TSG_PROTOCOL { - context->hited_para.after_n_packets=after_n_packets; + srt_process_context->hited_para.after_n_packets=after_n_packets; } } return hit_num; } -static int master_deal_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *shaping_result, int shaping_result_num) +static unsigned char matched_security_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *security_rules, size_t n_security_rules, const void *a_packet, int thread_seq) { - set_shaping_result_to_bridge(a_stream, shaping_result, shaping_result_num, a_stream->threadnum); - - return 0; -} - -static int master_deal_s_chaining_result(const struct streaminfo *a_stream, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num) -{ - set_s_chaining_result_to_bridge(a_stream, s_chaining_result, s_chaining_result_num, a_stream->threadnum); - - return 0; -} - -static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet) -{ - struct Maat_rule_t *p_result=NULL; unsigned char state=APP_STATE_GIVEME; - struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; - - int security_result_num=tsg_fetch_hited_security_result(result, hit_num, security_result, MAX_RESULT_NUM); - p_result=tsg_policy_decision_criteria(security_result, security_result_num); - if(p_result!=NULL) + struct maat_rule *p_rule=matched_rules_decision_criteria(security_rules, n_security_rules); + if(p_rule->action==TSG_ACTION_SHUNT) { - print_hit_path(a_stream, context); - switch((unsigned char)p_result->action) - { - case TSG_ACTION_DENY: - if(context->proto==PROTO_DNS) /* deal action of deny in firewall */ - { - break; - } - - if(is_deny_application(p_result)) - { - if(context->hited_para.hited_app_id==0) - { - context->hited_para.hited_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[context->proto].name); - } - - set_hited_app_id_to_tcpall(a_stream, context->hited_para.hited_app_id, a_stream->threadnum); - state=tsg_deny_application(a_stream, p_result, context->proto, context->hited_para.hited_app_id, ACTION_RETURN_TYPE_APP, a_packet); - } - else - { - state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet); - } - - if(is_deny_after_N_packets(p_result)) - { - set_security_result_to_bridge(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); - if(a_stream->type==STREAM_TYPE_TCP) - { - break; - } - } - - if(context->hited_result==NULL) - { - context->hited_result=(struct Maat_rule_t *)dictator_malloc(1, sizeof(struct Maat_rule_t)); - memcpy(context->hited_result, p_result, sizeof(struct Maat_rule_t)); - } - break; - case TSG_ACTION_MONITOR: - if(context->proto==PROTO_RTP) - { - break; - } - tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum); - set_security_result_to_bridge(a_stream, security_result, security_result_num, PULL_FW_RESULT, a_stream->threadnum); - break; - case TSG_ACTION_BYPASS: - context->is_hited_allow=1; - context->hited_result=(struct Maat_rule_t *)dictator_malloc(1, sizeof(struct Maat_rule_t)); - memcpy(context->hited_result, p_result, sizeof(struct Maat_rule_t)); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); - state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; - - set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_ALLOW, a_stream->threadnum); - break; - case TSG_ACTION_INTERCEPT: - if(is_intercept_exclusion(a_stream, p_result, context->domain, a_stream->threadnum)) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1); - break; - } - - set_security_result_to_bridge(a_stream, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); - state=APP_STATE_DROPME|APP_STATE_KILL_OTHER; - - set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum); - break; - default: - break; - } - - set_log_field_to_project(a_stream, context->domain, context->para, context->proto, a_stream->threadnum); + srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_SHUNT, a_stream->threadnum); + return APP_STATE_DROPME|APP_STATE_KILL_OTHER; } - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; - int shaping_result_num=tsg_fetch_hited_shaping_result(result, hit_num, shaping_result, MAX_RESULT_NUM); - if(state==APP_STATE_GIVEME && shaping_result_num>0) + switch(p_rule->action) { - master_deal_shaping_result(a_stream, shaping_result, shaping_result_num); + case TSG_ACTION_DENY: + if(srt_process_context->proto==PROTO_DNS) /* deal action of deny in firewall */ + { + break; + } + + if(is_deny_application(p_rule)) + { + if(srt_process_context->hited_para.hited_app_id==0) + { + srt_process_context->hited_para.hited_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name); + } + + srt_action_context_set_hitted_app_id(a_stream, srt_process_context->hited_para.hited_app_id, a_stream->threadnum); + state=tsg_enforing_deny_application(a_stream, p_rule, srt_process_context->proto, srt_process_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_APP, a_packet); + } + else + { + state=tsg_enforing_deny(a_stream, p_rule, srt_process_context->proto, ACTION_RETURN_TYPE_APP, a_packet); + } + + if(is_deny_after_N_packets(p_rule)) + { + session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, p_rule, 1, a_stream->threadnum); + if(a_stream->type==STREAM_TYPE_TCP) + { + break; + } + } + + if(srt_process_context->hited_result==NULL) + { + srt_process_context->hited_result=(struct maat_rule *)dictator_malloc(1, sizeof(struct maat_rule)); + memcpy(srt_process_context->hited_result, p_rule, sizeof(struct maat_rule)); + } + break; + case TSG_ACTION_MONITOR: + if(srt_process_context->proto==PROTO_RTP) + { + break; + } + session_packet_capture_notify(a_stream, security_rules, n_security_rules, a_stream->threadnum); + session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, security_rules, n_security_rules, a_stream->threadnum); + break; + case TSG_ACTION_BYPASS: + srt_process_context->is_hited_allow=1; + srt_process_context->hited_result=(struct maat_rule *)dictator_malloc(1, sizeof(struct maat_rule)); + memcpy(srt_process_context->hited_result, p_rule, sizeof(struct maat_rule)); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); + state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; + + srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_ALLOW, a_stream->threadnum); + break; + case TSG_ACTION_INTERCEPT: + if(tsg_scan_intercept_exclusion(a_stream, g_tsg_maat_feather, p_rule, srt_process_context->domain, a_stream->threadnum)) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1); + break; + } + + session_matched_rules_notify(a_stream, TSG_SERVICE_INTERCEPT, p_rule, 1, a_stream->threadnum); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); + state=APP_STATE_DROPME|APP_STATE_KILL_OTHER; + + srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum); + break; + default: + break; + } + + return state; +} + +int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_results, size_t n_shaping_results, int thread_seq) +{ + session_state_sync_in_activing(a_stream, TSG_SERVICE_SHAPING, shaping_results, n_shaping_results, thread_seq); + + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1); + srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq); + + return 0; +} + +int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *s_chaining_rules, size_t n_s_chaining_rules, int thread_seq) +{ + session_state_sync_in_activing(a_stream, TSG_SERVICE_CHAINING, s_chaining_rules, n_s_chaining_rules, thread_seq); + srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq); + + return 0; +} + +unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *rules, size_t n_rules, const void *a_packet) +{ + unsigned char state=APP_STATE_GIVEME; + struct maat_rule security_rules[MAX_RESULT_NUM]={0}; + size_t n_security_rules=tsg_select_matched_security_rules(rules, n_rules, security_rules, MAX_RESULT_NUM); + if(n_security_rules>0) + { + state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum); + } + + struct maat_rule shaping_rules[MAX_RESULT_NUM]={0}; + size_t n_shaping_rules=tsg_select_matched_shaping_rules(rules, n_rules, shaping_rules, MAX_RESULT_NUM); + if(n_shaping_rules>0 && !(state&APP_STATE_KILL_OTHER)) + { + matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum); } - struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0}; - int s_chaining_result_num=tsg_fetch_hited_s_chaining_result(result, hit_num, s_chaining_result, MAX_RESULT_NUM); - if(state==APP_STATE_GIVEME && s_chaining_result_num>0) + struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0}; + size_t n_s_chaining_rules=tsg_select_matched_service_chaining_rules(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM); + if(n_s_chaining_rules>0 && !(state&APP_STATE_KILL_OTHER)) { - master_deal_s_chaining_result(a_stream, s_chaining_result, s_chaining_result_num); + matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum); } return state; } -int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) +int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) { - struct master_context *context=NULL; - struct gather_app_result *gather_result=NULL; - struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}; - struct app_identify_result *identify_result=(struct app_identify_result *)data; - if(data==NULL) { return 0; } - context=(struct master_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id); - if(context==NULL) + struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_get(a_stream); + if(srt_process_context==NULL) { - init_context((void **)(&context), a_stream->threadnum); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id, (void *)context); + init_context((void **)(&srt_process_context), a_stream->threadnum); + session_runtime_process_context_async(a_stream, (void *)srt_process_context); } - gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); if(gather_result==NULL) { gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX); memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result); + session_gather_app_results_async(a_stream, (void *)gather_result); } - + + struct app_identify_result *identify_result=(struct app_identify_result *)data; switch(identify_result->origin) { break; case ORIGIN_QM_ENGINE: - context->is_app_link=FLAG_TRUE; + srt_process_context->is_app_link=FLAG_TRUE; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1); break; case ORIGIN_USER_DEFINE: - context->is_app_link=FLAG_TRUE; + srt_process_context->is_app_link=FLAG_TRUE; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1); break; case ORIGIN_BUILT_IN: - context->is_app_link=FLAG_TRUE; + srt_process_context->is_app_link=FLAG_TRUE; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1); break; case ORIGIN_BASIC_PROTOCOL: - context->is_app_link=FLAG_TRUE; - if(context->proto==PROTO_UNKONWN || context->proto==PROTO_APP) + srt_process_context->is_app_link=FLAG_TRUE; + if(srt_process_context->proto==PROTO_UNKONWN || srt_process_context->proto==PROTO_APP) { - set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]); + srt_process_context_set_l7_protocol(srt_process_context, identify_result->app_id[identify_result->app_id_num-1]); } break; case ORIGIN_UNKNOWN: - context->is_app_link=FLAG_TRUE; + srt_process_context->is_app_link=FLAG_TRUE; break; default: MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level)); return 0; } - copy_app_result(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream)); + app_gather_results_update(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream)); - if(context->mid==NULL) + if(srt_process_context->mid==NULL) { return 0; } - - context->last_scan_time=get_current_time_ms(); - int hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, &(gather_result[identify_result->origin]), a_stream->threadnum); - context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL); + struct maat_rule scan_results[MAX_TSG_ALL_RESULT_NUM]={0}; + srt_process_context->last_scan_time=tsg_get_current_time_ms(); + size_t hit_num=session_app_id_and_properties_scan((struct streaminfo *)a_stream, scan_results, MAX_TSG_ALL_RESULT_NUM, srt_process_context, &(gather_result[identify_result->origin]), a_stream->threadnum); + + srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, scan_results, hit_num, NULL); return 0; } @@ -2144,83 +1589,89 @@ int session_flags_identify_result_cb(const struct streaminfo *a_stream, int brid return 0; } - struct master_context *context=NULL; - struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}; - - context=(struct master_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id); - if(context==NULL) + struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_get(a_stream); + if(srt_process_context==NULL) { - init_context((void **)(&context), a_stream->threadnum); - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id, (void *)context); + init_context((void **)(&srt_process_context), a_stream->threadnum); + session_runtime_process_context_async(a_stream, (void *)srt_process_context); } - context->session_flag=*(unsigned long *)(data); - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_SESSION_FLAGS, data, sizeof(unsigned long), a_stream->threadnum); + srt_process_context->session_flag=*(unsigned long *)(data); + srt_attribute_set_flags(a_stream, srt_process_context->session_flag); - if(context->mid==NULL) + if(srt_process_context->mid==NULL) { return 0; } - - int hit_num=tsg_scan_session_flags(g_tsg_maat_feather, a_stream, scan_result, MAX_RESULT_NUM, &context->mid, g_tsg_para.table_id[TABLE_SESSION_FLAGS], context->session_flag, a_stream->threadnum); - - context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL); + + struct maat_rule scan_results[MAX_TSG_ALL_RESULT_NUM]={0}; + size_t hit_num=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), scan_results, MAX_TSG_ALL_RESULT_NUM); + srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, scan_results, hit_num, NULL); return 0; } - -static int deal_pending_state(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int result_num, void *a_packet) +static size_t session_pending_state_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *results, int n_results, void *a_packet) { - int hit_num=0; - - int ret=identify_application_protocol(a_stream, context, a_packet); + size_t hit_num=0; + int ret=session_l7_protocol_idnetify(a_stream, srt_process_context, a_packet); if(ret==1) { - set_l7_protocol_label(a_stream, context->proto); - context->is_app_link=FLAG_TRUE; - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum); + session_app_gather_results_set_l7_protocol(a_stream, srt_process_context->proto); + srt_process_context->is_app_link=FLAG_TRUE; + srt_attribute_set_protocol(a_stream, srt_process_context->proto); - if(context->proto==PROTO_SSL) + if(srt_process_context->proto==PROTO_SSL) { - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, 0, a_stream->threadnum); + struct _ssl_ja3_info_t *ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); + if(ja3_info!=NULL) + { + if(ja3_info->fp!=NULL && ja3_info->fp_len>0) + { + char *ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); + memset(ja3_fingerprint, 0, ja3_info->fp_len+1); + memcpy(ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); + srt_attribute_set_ja3_fingprint(a_stream, ja3_fingerprint); + } + } } - int table_id=get_table_id(context->proto); - hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, result_num-hit_num, &context->mid, table_id, a_stream->threadnum); - hit_num+=scan_fqdn_category_id(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, result_num-hit_num, &context->mid, table_id, a_stream->threadnum); - if(context->is_esni) + int table_idx=tsg_table_idx_get_by_protocol(srt_process_context->proto); + hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num); + if(srt_process_context->is_esni) { unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI"); - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &context->mid, (char *)"ESNI", protocol_id, a_stream->threadnum); + hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), results+hit_num, n_results-hit_num); } - if(context->proto==PROTO_HTTP && context->http_url!=NULL) + if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL) { - hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->http_url, result+hit_num, result_num-hit_num, &context->mid, g_tsg_para.table_id[TABLE_HTTP_URL], a_stream->threadnum); + table_idx=tsg_http_url_table_idx_get(); + hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->http_url, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num); } } - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, result+hit_num, result_num-hit_num); + ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), results+hit_num, n_results-hit_num); if(ret>0) { hit_num+=ret; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } - struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); for(int i=0; ithreadnum); + hit_num+=session_app_id_and_properties_scan(a_stream, results+hit_num, n_results-hit_num, srt_process_context, &(gather_result[i]), a_stream->threadnum); } - hit_num+=tsg_scan_session_flags(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &context->mid, g_tsg_para.table_id[TABLE_SESSION_FLAGS], context->session_flag, a_stream->threadnum); + hit_num+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), results+hit_num, n_results-hit_num); - if((is_only_monitor(result, hit_num)) && context->proto==PROTO_DNS) // business deal action of monitor + if((is_only_monitor(results, hit_num)) && srt_process_context->proto==PROTO_DNS) // business deal action of monitor { hit_num=0; } @@ -2230,111 +1681,109 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet) { - int i=0,ret=0,hit_num=0; + int i=0,ret=0; + size_t hit_num=0; unsigned char state=APP_STATE_GIVEME; - Maat_rule_t hited_result[MAX_TSG_ALL_RESULT_NUM]; + struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]; struct gather_app_result *gather_result=NULL; - struct master_context *context=(struct master_context *)*pme; + struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)*pme; struct app_identify_result unknown_result; if(*pme==NULL) { - context=(struct master_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id); - if(context==NULL) + srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_get(a_stream); + if(srt_process_context==NULL) { init_context(pme, thread_seq); - context=(struct master_context *)*pme; - tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id, *pme); + srt_process_context=(struct session_runtime_process_context *)*pme; + session_runtime_process_context_async(a_stream, *pme); } else { - *pme=(void *)context; + *pme=(void *)srt_process_context; + } + srt_process_context->last_scan_time=tsg_get_current_time_ms(); + + if(srt_process_context->mid==NULL) + { + srt_process_context->mid=maat_state_new(g_tsg_maat_feather, thread_seq); } - context->last_scan_time=get_current_time_ms(); } switch(a_stream->opstate) { case OP_STATE_PENDING: if(a_stream->type==STREAM_TYPE_TCP) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1); + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1); } else { FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1); } - hit_num+=deal_pending_state(a_stream, context, hited_result+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet); - state=master_deal_scan_result(a_stream, context, hited_result, hit_num, a_packet); - context->deal_pkt_num++; + hit_num+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet); + state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet); + srt_process_context->deal_pkt_num++; break; case OP_STATE_DATA: - if(context->is_app_link==FLAG_FALSE && (context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1)) + if(srt_process_context->is_app_link==FLAG_FALSE && (srt_process_context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1)) { unknown_result.app_id_num=1; unknown_result.surrogate_id[0]=0; unknown_result.origin=ORIGIN_UNKNOWN; unknown_result.app_id[0]=g_tsg_para.unknown_app_id; - - app_identify_result_cb(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].id, (void *)&unknown_result); + + session_app_identify_result_cb(a_stream, 0, (void *)&unknown_result); } - if(context->is_hited_allow) + if(srt_process_context->is_hited_allow) { state=APP_STATE_KILL_OTHER|APP_STATE_GIVEME; break; } - if(context->sync_cb_state&APP_STATE_KILL_OTHER || context->sync_cb_state&APP_STATE_DROPPKT) + if(srt_process_context->sync_cb_state&APP_STATE_KILL_OTHER || srt_process_context->sync_cb_state&APP_STATE_DROPPKT) { //tcpall, udp -> allow, Deny(after drop N packets) - state=context->sync_cb_state|APP_STATE_DROPME; + state=srt_process_context->sync_cb_state|APP_STATE_DROPME; break; } - if(get_current_time_ms()-context->last_scan_time < (g_tsg_para.scan_time_interval*1000)) + if(tsg_get_current_time_ms()-srt_process_context->last_scan_time < (g_tsg_para.scan_time_interval*1000)) { break; } - if(context->mid!=NULL) + if(srt_process_context->mid!=NULL) { - Maat_clean_status(&context->mid); - context->mid=NULL; + maat_state_free(srt_process_context->mid); + srt_process_context->mid=NULL; } - context->last_scan_time=get_current_time_ms(); - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, hited_result+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num); + srt_process_context->last_scan_time=tsg_get_current_time_ms(); + ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num); if(ret>0) { hit_num+=ret; } - gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); + gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); for(i=0; isession_flag>0) + if(srt_process_context->session_flag>0) { - hit_num+=tsg_scan_session_flags(g_tsg_maat_feather, - a_stream, - hited_result+hit_num, - MAX_TSG_ALL_RESULT_NUM-hit_num, - &context->mid, - g_tsg_para.table_id[TABLE_SESSION_FLAGS], - context->session_flag, - thread_seq - ); + hit_num+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num); } - state=master_deal_scan_result(a_stream, context, hited_result, hit_num, a_packet); + state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet); break; default: break; @@ -2342,9 +1791,9 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME) { - if(context->hited_result) + if(srt_process_context->hited_result) { - master_send_log(a_stream, context->hited_result, 1, context, thread_seq); + session_runtime_process_log_send(a_stream, srt_process_context->hited_result, 1, srt_process_context, thread_seq); } *pme=NULL; } @@ -2356,64 +1805,64 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns { int ret=0; int eth_rawpkt_len=0; - scan_status_t scan_mid=NULL; - struct Maat_rule_t *p_result=NULL; + struct maat_rule *p_result=NULL; unsigned char state=APP_STATE_GIVEME; - struct Maat_rule_t hited_result[MAX_TSG_ALL_RESULT_NUM]={0}; - struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; - struct tcpall_context *all_context=(struct tcpall_context *)(*pme); - struct policy_priority_label *priority_label=NULL; + struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]={0}; + struct maat_rule security_results[MAX_RESULT_NUM]={0}; + struct maat_rule shaping_results[MAX_RESULT_NUM]={0}; + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)(*pme); - if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW && !(all_context->udp_data_dropme)) + if(stream_state==OP_STATE_PENDING && srt_action_context->method_type!=TSG_METHOD_TYPE_SHUNT && !(srt_action_context->udp_data_dropme)) { - if(all_context->method_type==TSG_METHOD_TYPE_UNKNOWN) - { - all_context->method_type=TSG_METHOD_TYPE_DEFAULT; - all_context->default_policy_after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id); + if(srt_action_context->method_type==TSG_METHOD_TYPE_UNKNOWN) + { + srt_action_context->method_type=TSG_METHOD_TYPE_DEFAULT; + srt_action_context->default_policy_after_n_packets=get_default_para(a_stream); } + - int hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, hited_result, MAX_TSG_ALL_RESULT_NUM); + struct maat_state *scan_mid=maat_state_new(g_tsg_maat_feather, thread_seq); + int hit_num=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, PROTO_UNKONWN, scan_mid, matched_rules, MAX_TSG_ALL_RESULT_NUM); if(hit_num>0) { - int security_result_num=tsg_fetch_hited_security_result(hited_result, hit_num, security_result, MAX_RESULT_NUM); - p_result=tsg_policy_decision_criteria(security_result, security_result_num); + int security_result_num=tsg_select_matched_security_rules(matched_rules, hit_num, security_results, MAX_RESULT_NUM); + p_result=matched_rules_decision_criteria(security_results, security_result_num); if(p_result!=NULL) { switch(p_result->action) { case TSG_ACTION_DENY: - state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); - master_send_log(a_stream, p_result, 1, NULL, thread_seq); + state=tsg_enforing_deny(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); + session_runtime_process_log_send(a_stream, p_result, 1, NULL, thread_seq); break; case TSG_ACTION_MONITOR: - tsg_notify_hited_monitor_result(a_stream, security_result, hit_num, thread_seq); - set_security_result_to_bridge(a_stream, security_result, security_result_num, PULL_FW_RESULT,thread_seq); + session_packet_capture_notify(a_stream, security_results, hit_num, thread_seq); + session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, security_results, security_result_num,thread_seq); break; default: break; } } - int shaping_result_num=tsg_fetch_hited_shaping_result(hited_result, hit_num, shaping_result, MAX_RESULT_NUM); - if(state==APP_STATE_GIVEME && shaping_result_num>0) + size_t n_shaping_results=tsg_select_matched_shaping_rules(matched_rules, hit_num, shaping_results, MAX_RESULT_NUM); + if(state==APP_STATE_GIVEME && n_shaping_results>0) { - master_deal_shaping_result(a_stream, shaping_result, shaping_result_num); + matched_shaping_rules_deal(a_stream, shaping_results, n_shaping_results, thread_seq); } - struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0}; - int s_chaining_result_num=tsg_fetch_hited_s_chaining_result(hited_result, hit_num, s_chaining_result, MAX_RESULT_NUM); - if(state==APP_STATE_GIVEME && s_chaining_result_num>0) + struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0}; + size_t n_s_chaining_results=tsg_select_matched_service_chaining_rules(matched_rules, hit_num, s_chaining_result, MAX_RESULT_NUM); + if(state==APP_STATE_GIVEME && n_s_chaining_results>0) { - master_deal_s_chaining_result(a_stream, s_chaining_result, s_chaining_result_num); + matched_service_chaining_rules_deal(a_stream, s_chaining_result, n_s_chaining_results, thread_seq); } } - Maat_clean_status(&scan_mid); + maat_state_free(scan_mid); scan_mid=NULL; } - switch(all_context->method_type) + switch(srt_action_context->method_type) { case TSG_METHOD_TYPE_RATE_LIMIT: eth_rawpkt_len=get_raw_packet_len(a_stream); @@ -2422,56 +1871,59 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns break; } - ret=is_permit_pass(eth_rawpkt_len*8, all_context->bucket, thread_seq); + ret=is_permit_pass(eth_rawpkt_len*8, srt_action_context->bucket, thread_seq); if(ret==0) { state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; } break; case TSG_METHOD_TYPE_TAMPER: - if(0 == send_tamper_xxx(a_stream, &all_context->tamper_count, a_packet)) + if(0 == send_tamper_xxx(a_stream, &srt_action_context->tamper_count, a_packet)) { state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; } break; case TSG_METHOD_TYPE_DEFAULT: - if(!is_do_default_policy(a_stream, all_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE) + if(!is_do_default_policy(a_stream, srt_action_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE) { break; } - if(get_default_policy(g_tsg_para.default_compile_id, &security_result[0])) + if(get_default_policy(&security_results[0])) { - state=tsg_deal_deny_action(a_stream, &security_result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); - master_send_log(a_stream, &security_result[0], 1, NULL, thread_seq); + state=tsg_enforing_deny(a_stream, &security_results[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); + session_runtime_process_log_send(a_stream, &security_results[0], 1, NULL, thread_seq); } break; case TSG_METHOD_TYPE_DROP: case TSG_METHOD_TYPE_APP_DROP: // contain hited current packet, platform calls tcp first and tcpall secondary. - if(((all_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_TCP) || - ((all_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_UDP) + if(((srt_action_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_TCP) || + ((srt_action_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_UDP) || stream_state==OP_STATE_CLOSE) { - all_context->hited_para.after_n_packets--; + srt_action_context->hited_para.after_n_packets--; break; } - priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); + ret=session_matched_rules_copy(a_stream, TSG_SERVICE_SECURITY, &(security_results[0]), 1); //ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &security_result[0], 1, &tmp_identify_info); - if(priority_label==NULL || priority_label->security_result[0].action!=TSG_ACTION_DENY) + if(ret<=0 || security_results[0].action!=TSG_ACTION_DENY) { break; } - if(all_context->hited_para.hited_app_id<=0) + if(srt_action_context->hited_para.hited_app_id<=0) { - state=tsg_deal_deny_action(a_stream, &priority_label->security_result[0], all_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet); + state=tsg_enforing_deny(a_stream, &(security_results[0]), srt_action_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet); } else { - state=tsg_deny_application(a_stream, &priority_label->security_result[0], all_context->protocol, all_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet); + state=tsg_enforing_deny_application(a_stream, &(security_results[0]), srt_action_context->protocol, srt_action_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet); } break; + case TSG_METHOD_TYPE_SHUNT: + return APP_STATE_DROPME|APP_STATE_KILL_OTHER; + break; default: break; } @@ -2488,7 +1940,7 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo { unsigned char state1=APP_STATE_GIVEME; unsigned char state2=APP_STATE_GIVEME; - struct udp_context *context=(struct udp_context *)(*pme); + struct udp_session_runtime_context *udp_srt_context=(struct udp_session_runtime_context *)(*pme); if(*pme==NULL) { @@ -2500,33 +1952,33 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo return APP_STATE_DROPME; } - send_control_packet_in_pending(a_udp, a_udp->opstate); + session_state_sync_in_opening_and_closing(a_udp, a_udp->opstate); - *pme=dictator_malloc(thread_seq, sizeof(struct udp_context)); - memset(*pme, 0, sizeof(struct udp_context)); - context=(struct udp_context *)(*pme); + *pme=dictator_malloc(thread_seq, sizeof(struct udp_session_runtime_context)); + memset(*pme, 0, sizeof(struct udp_session_runtime_context)); + udp_srt_context=(struct udp_session_runtime_context *)(*pme); - context->all_entry=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(context->all_entry, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_udp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)(context->all_entry)); + udp_srt_context->srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(udp_srt_context->srt_action_context, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_udp, (void *)(udp_srt_context->srt_action_context)); - context->all_entry->direction=get_direction(a_udp); + udp_srt_context->srt_action_context->direction=get_direction(a_udp); } - if(context->all_entry->udp_data_dropme==0) + if(udp_srt_context->srt_action_context->udp_data_dropme==0) { - state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet); + state2=tsg_master_data_entry(a_udp, (void **)&(udp_srt_context->srt_process_context), thread_seq, a_packet); } - if(!(state2&APP_STATE_DROPME) || context->all_entry->hited_para.after_n_packets>0) + if(!(state2&APP_STATE_DROPME) || udp_srt_context->srt_action_context->hited_para.after_n_packets>0) { if(state2&APP_STATE_DROPME) { - context->all_entry->udp_data_dropme=1; + udp_srt_context->srt_action_context->udp_data_dropme=1; state2=state2&(~(APP_STATE_DROPME)); } - state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet); + state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(udp_srt_context->srt_action_context), thread_seq, a_packet); } if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE) @@ -2534,7 +1986,7 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo dictator_free(thread_seq, *pme); *pme=NULL; - send_control_packet_in_closing(a_udp, a_udp->opstate); + session_state_sync_in_opening_and_closing(a_udp, a_udp->opstate); } return (state1|state2); @@ -2542,33 +1994,33 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq, const void *a_packet) { - struct tcpall_context *_context=(struct tcpall_context *)(*pme); + struct session_runtime_action_context *_context=(struct session_runtime_action_context *)(*pme); if(*pme==NULL) { - send_control_packet_in_pending(a_tcp, a_tcp->pktstate); - *pme=(void *)tsg_get_xxx_from_bridge(a_tcp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); + session_state_sync_in_opening_and_closing(a_tcp, a_tcp->pktstate); + *pme=(void *)session_runtime_action_context_get(a_tcp); if(*pme==NULL) { - *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(*pme, 0, sizeof(struct tcpall_context)); - tsg_set_xxx_to_bridge(a_tcp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)(*pme)); + *pme=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); + memset(*pme, 0, sizeof(struct session_runtime_action_context)); + session_runtime_action_context_async(a_tcp, (void *)(*pme)); } - _context=(struct tcpall_context *)(*pme); + _context=(struct session_runtime_action_context *)(*pme); _context->direction=get_direction(a_tcp); } if(_context->set_latency_flag==0) { - _context->set_latency_flag=set_tcp_establish_latency_ms(a_tcp, thread_seq, a_packet); + _context->set_latency_flag=session_tcp_establish_latency_ms_set(a_tcp, thread_seq, a_packet); } unsigned char state=tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet); if(state&APP_STATE_DROPME || a_tcp->pktstate==OP_STATE_CLOSE) { - send_control_packet_in_closing(a_tcp, a_tcp->pktstate); + session_state_sync_in_opening_and_closing(a_tcp, a_tcp->pktstate); } return state; @@ -2577,14 +2029,13 @@ extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, extern "C" int TSG_MASTER_INIT() { int ret=0; - char label_buff[128]={0}; char device_sn_filename[128]={0}; char identify_proto_name[256]={0}; memset(&g_tsg_para, 0, sizeof(g_tsg_para)); MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "log/tsg_master"); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "log/master"); g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level); if(g_tsg_para.logger==NULL) @@ -2603,15 +2054,10 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE); MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0); MESA_load_profile_int_def(tsg_conffile, "SYSTEM","UNKNOWN_APP_ID", &g_tsg_para.unknown_app_id, 4); - g_tsg_para.default_vlan.num=1; - MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;Stratum;RDP;DTLS;"); - tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag); + protocol_name2flag(identify_proto_name, &g_tsg_para.proto_flag); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0); MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300); @@ -2619,8 +2065,8 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "IENTIFY_APP_MAX_PKT_NUM", &g_tsg_para.identify_app_max_pkt_num, 20); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "FEATURE_TAMPER", &g_tsg_para.feature_tamper, 0); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SERVICE_CHAINING_SID", &g_tsg_para.service_chaining_sid, 1); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SHAPING_SID", &g_tsg_para.shaping_sid, 2); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SERVICE_CHAINING_SID", &g_tsg_para.service_chaining_sid, 0); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SHAPING_SID", &g_tsg_para.shaping_sid, 0); ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0); if(ret<0) @@ -2640,20 +2086,13 @@ extern "C" int TSG_MASTER_INIT() MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename); } - ret=tsg_set_device_id_to_telegraf(g_tsg_para.device_sn); + ret=device_id_set_telegraf(g_tsg_para.device_sn); if(ret<0) { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf"); } - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL"); - g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); - if(g_tsg_para.session_attribute_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); - } - - ret=tsg_init_bridge(tsg_conffile); + ret=tsg_bridge_init(tsg_conffile); if(ret<0) { return -1; @@ -2662,10 +2101,10 @@ extern "C" int TSG_MASTER_INIT() init_page_template(tsg_conffile); init_fs2_handle(tsg_conffile); - ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); + ret=tsg_maat_rule_init(tsg_conffile); if(ret<0) { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ..."); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_maat_rule_init failed ..."); return -1; } @@ -2675,7 +2114,6 @@ extern "C" int TSG_MASTER_INIT() MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); return -1; } - g_tsg_log_instance->session_attribute_project_id=g_tsg_para.session_attribute_project_id; FS_start(g_tsg_para.fs2_handle); @@ -2686,7 +2124,7 @@ extern "C" int TSG_MASTER_INIT() return -1; } - l7_protocol_mapper(tsg_conffile); + l7_protocol_mapper_init(tsg_conffile); ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger); if(ret<0) @@ -2702,22 +2140,5 @@ extern "C" int TSG_MASTER_INIT() extern "C" int TSG_MASTER_UNLOAD() { - tsg_sendlog_destroy(g_tsg_log_instance); - tsg_statistic_destroy(); - - Maat_burn_feather(g_tsg_maat_feather); - g_tsg_maat_feather=NULL; - - if(g_tsg_para.dynamic_maat_switch==1) - { - Maat_burn_feather(g_tsg_dynamic_maat_feather); - g_tsg_dynamic_maat_feather=NULL; - } - - FS_stop(&(g_tsg_para.fs2_handle)); - - MESA_destroy_runtime_log_handle(g_tsg_para.logger); - g_tsg_para.logger=NULL; - return 0; } diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 40bddef..e5f1cea 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -1,5 +1,4 @@ -#ifndef __TSG_ENTRY_H__ -#define __TSG_ENTRY_H__ +#pragma once #include #include @@ -7,7 +6,6 @@ #include -#include #include #include "uthash.h" @@ -54,35 +52,12 @@ typedef int atomic_t; #define APP_SCAN_FLAG_STOP 0 #define APP_SCAN_FLAG_CONTINUE 1 -enum TSG_ATTRIBUTE_TYPE -{ - TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0, - TSG_ATTRIBUTE_TYPE_PROTOCOL, - TSG_ATTRIBUTE_TYPE_JA3_HASH, - TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO, - TSG_ATTRIBUTE_TYPE_LOCATION, - TSG_ATTRIBUTE_TYPE_ASN, - TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID, - TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, - TSG_ATTRIBUTE_TYPE_CATEGORY_ID, - TSG_ATTRIBUTE_TYPE_SESSION_FLAGS, - _MAX_TSG_ATTRIBUTE_TYPE -}; - enum HTTP_RESPONSE_FORMAT { HTTP_RESPONSE_FORMAT_TEMPLATE=0, HTTP_RESPONSE_FORMAT_HTML }; -struct l7_protocol -{ - int id; /* first key */ - char name[32]; /* second key */ - UT_hash_handle hh1; /* handle for first hash table */ - UT_hash_handle hh2; /* handle for second hash table */ -}; - struct fqdn_category { int ref_cnt; @@ -112,7 +87,7 @@ struct app_id_dict char *app_name; char *parent_app_name; char *category; - char *subcategroy; + char *subcategory; char *technology; char *characteristics; struct deny_user_region deny_app_para; @@ -181,80 +156,8 @@ typedef enum tsg_statis_field_id STATIS_MAX }tsg_statis_field_id_t; -enum TRAFFIC_INFO_IDX -{ - TRAFFIC_INFO_ALLOW=0, - TRAFFIC_INFO_DENY, - TRAFFIC_INFO_MONITOR, - TRAFFIC_INFO_INTERCEPT, - TRAFFIC_INFO_MAX -}; - -typedef struct tsg_statistic -{ - int cycle; - int fs_line_id; - int thread_alive; - pthread_t stat_thread_id; - int fs_field_id[STATIS_MAX]; - long long statistic_opt[_OPT_TYPE_MAX]; - struct _traffic_info *traffic_info[TSG_ACTION_MAX+1]; - struct _traffic_info default_total_info; - screen_stat_handle_t fs2_handle; -}tsg_statis_para_t; - int tsg_statistic_init(const char *conffile, void *logger); void tsg_statistic_destroy(void); int tsg_gtp_signaling_hash_init(const char* conffile, void *logger); -long long get_current_time_ms(void); - -//parent_app_name.app_name -int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent); - -//return 18 or 19: subdivision_addr -int tsg_get_location_type(void); -void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void gtp_c_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp); - -void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp); -void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq); -int set_method_to_tcpall(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq); -int set_protocol_to_tcpall(const struct streaminfo *a_stream, tsg_protocol_t protocol, int thread_seq); -int set_bucket_to_tcpall(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq); -int set_after_n_packet_to_tcpall(const struct streaminfo *a_stream, int after_n_packets, int thread_seq); - -char get_direction_from_tcpall(const struct streaminfo *a_stream); - -void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp); - -struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq); -int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); -int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq); -int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq); -int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq); - -int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info); -struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid); - -int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq); -int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq); -int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq); -int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq); -int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location); -int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn); -int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id); -int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq); -int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned long flag, int thread_seq); - -int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num); -int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num); -int tsg_fetch_hited_s_chaining_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num); - -#endif diff --git a/src/tsg_gtp_signaling.cpp b/src/tsg_gtp_signaling.cpp index 40a6482..8a27c2f 100644 --- a/src/tsg_gtp_signaling.cpp +++ b/src/tsg_gtp_signaling.cpp @@ -5,7 +5,7 @@ #include #include -#include "tsg_entry.h" +#include "tsg_rule_internal.h" #include "tsg_gtp_signaling.h" MESA_htable_handle g_gtp_signaling_hash_handle=NULL; @@ -150,7 +150,7 @@ static int get_umts_user_info_form_hash(struct umts_user_info **user_info, unsig static int get_umts_user_info_form_redis(struct umts_user_info **user_info, unsigned int teid, int thread_seq) { - (*user_info)=tsg_get_umts_user_info_form_redis(teid); + (*user_info) = tsg_get_umts_user_info_form_redis(g_tsg_maat_feather, (long long)teid); if((*user_info)!=NULL) { return 1; @@ -159,8 +159,7 @@ static int get_umts_user_info_form_redis(struct umts_user_info **user_info, unsi return 0; } - -int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info) +int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info) { int ret=0; unsigned int uplink=0,downlink=0; diff --git a/src/tsg_icmp.cpp b/src/tsg_icmp.cpp index 4ef118b..ef502c8 100644 --- a/src/tsg_icmp.cpp +++ b/src/tsg_icmp.cpp @@ -171,8 +171,7 @@ static void format_icmpv4(const char *raw_pkt, char *ret_icmpv4, int *ret_len){ } /* - * icmpv6数据包组装 - * [ICMPV6] = [ipv6_headr]+[icmp] + * icmpv6数据包组? * [ICMPV6] = [ipv6_headr]+[icmp] * * icmpv6的最大MTU应是ipv6的最小MTU(1280) * <本端内容来自RFC443> @@ -183,9 +182,8 @@ static void format_icmpv4(const char *raw_pkt, char *ret_icmpv4, int *ret_len){ * * [ICMPV6] = [ipv6_headr]+[icmp] * - * 计算ICMPV6的校验和: (ICMP + 伪首部) 作为计算数据部分 - * 注意: ICMPV6数据要补充成四字节对齐 - * ipv6伪首部数据: 长度 + * 计算ICMPV6的校验和?(ICMP + 伪首? 作为计算数据部分 + * 注意?ICMPV6数据要补充成四字节对? * ipv6伪首部数? 长度 * { * Soucre Address : 16 * Destination Address: 16 @@ -267,7 +265,7 @@ static void format_icmpv6(const char *raw_pkt, char *ret_icmpv6, int *ret_len){ memcpy(icmp.origin_data, raw_pkt, icmp_original_data_len); upper_layer_packet_len = htonl((int)icmp_len); - four_byte_alignment(&icmp_len, &icmp_checksum_len); //icmp_len和icmp_checksum_len 补充为4字节对齐 + four_byte_alignment(&icmp_len, &icmp_checksum_len); //icmp_len和icmp_checksum_len 补充?字节对齐 //calc icmp checksum memcpy(icmp_checksum_buf, &icmp, icmp_len); @@ -350,6 +348,6 @@ unsigned char send_icmp_unreachable(const struct streaminfo *a_stream) __FUNCTION__, debug_buf); - return STATE_DROPME|STATE_DROPPKT;; + return STATE_DROPME|STATE_DROPPKT; } diff --git a/src/tsg_protocol.cpp b/src/tsg_protocol.cpp new file mode 100644 index 0000000..9f0e448 --- /dev/null +++ b/src/tsg_protocol.cpp @@ -0,0 +1,25 @@ +#include +#include +#include +#include + +#include +#include + +int tm_get_ssl_ja3_fingerprint(const struct streaminfo *a_stream, char **ja3_fingerprint) +{ + struct _ssl_ja3_info_t *ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); + if(ja3_info!=NULL) + { + if(ja3_info->fp!=NULL && ja3_info->fp_len>0) + { + *ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); + memset(*ja3_fingerprint, 0, ja3_info->fp_len+1); + memcpy(*ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); + return 1; + } + } + + return 0; +} + diff --git a/src/tsg_protocol_common.h b/src/tsg_protocol_common.h index a246619..6d8a4ff 100644 --- a/src/tsg_protocol_common.h +++ b/src/tsg_protocol_common.h @@ -1,5 +1,4 @@ -#ifndef __TSG_PROTOCOL_COMMON_H__ -#define __TSG_PROTOCOL_COMMON_H__ +#pragma once #include #include "tsg_rule.h" @@ -120,30 +119,29 @@ struct monitor_user_region struct default_session_para { - struct Maat_rule_t result; //XJ default policy + struct maat_rule result; //XJ default policy struct deny_user_region tcp; struct deny_user_region udp; }; struct compile_user_region { - int ref_cnt; enum TSG_METHOD_TYPE method_type; union { - struct deny_user_region *deny; - struct monitor_user_region *mirror; - struct default_session_para *session_para; - void *user_region_para; + struct deny_user_region *deny; + struct monitor_user_region *mirror; + struct default_session_para *session_para; + void *user_region_para; }; struct packet_capture capture; + struct maat_rule compile_rule; }; int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir); -unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data); +unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data); unsigned char send_icmp_unreachable(const struct streaminfo *a_stream); int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt); -unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data); +unsigned char tsg_enforing_deny_application(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data); -#endif diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index fe502d5..81e283b 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -4,32 +4,20 @@ #include #include #include + +#include "MESA/http.h" +#include "MESA/cJSON.h" #include #include -#include "MESA/cJSON.h" #include "MESA/MESA_handle_logger.h" -#include "Maat_rule.h" -#include "Maat_command.h" -#include "MESA/http.h" + #include "tsg_rule.h" #include "tsg_label.h" #include "tsg_entry.h" -#include "tsg_send_log.h" -#include "tsg_send_log_internal.h" +#include "tsg_variable.h" +#include "tsg_rule_internal.h" #include "tsg_protocol_common.h" -Maat_feather_t g_tsg_maat_feather; -Maat_feather_t g_tsg_dynamic_maat_feather; - -#define MAX_PATH_LEN 1024 -#define MAX_IPV6_ADDR_LEN 128 - -enum kni_scan_table{ - TSG_FIELD_SSL_SNI, - TSG_FIELD_HTTP_HOST, - SCAN_TABLE_MAX -}; - struct str2index { int index; @@ -37,9 +25,9 @@ struct str2index char *type; }; -const char *g_kni_scan_table_name[SCAN_TABLE_MAX]; -int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0}; -extern struct id2field g_tsg_proto_name2id[PROTO_MAX]; +struct maat *g_tsg_maat_feather; +struct maat_runtime_para g_tsg_maat_rt_para; + const struct str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"}, {TSG_METHOD_TYPE_DROP, 4, (char *)"drop"}, {TSG_METHOD_TYPE_REDIRECTION, 8, (char *)"redirect"}, @@ -48,15 +36,18 @@ const struct str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKN {TSG_METHOD_TYPE_RESET, 3, (char *)"rst"}, {TSG_METHOD_TYPE_ALERT, 5, (char *)"alert"}, {TSG_METHOD_TYPE_RATE_LIMIT, 10, (char *)"rate_limit"}, - {TSG_METHOD_TYPE_MIRRORED, 8, (char *)"mirrored"}, - {TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"}, - {TSG_METHOD_TYPE_DEFAULT, 14, (char *)"default_policy"}, // policy id=0, default policy - {TSG_METHOD_TYPE_APP_DROP, 7, (char *)"default"} // use action of app_id_dict - }; + {TSG_METHOD_TYPE_MIRRORED, 8, (char *)"mirrored"}, + {TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"}, + {TSG_METHOD_TYPE_DEFAULT, 14, (char *)"default_policy"}, // policy id=0, default policy + {TSG_METHOD_TYPE_APP_DROP, 7, (char *)"default"}, // use action of app_id_dict + {TSG_METHOD_TYPE_ALLOW, 7, (char *)"allow"}, // use action of app_id_dict + {TSG_METHOD_TYPE_SHUNT, 7, (char *)"shunt"} // use action of app_id_dict + }; +extern const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id); +extern unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name); -//functioned as strdup, for dictator compatible. -static char* tsg_strdup(const char* s) +static char* tm_strdup(const char* s) { char*d=NULL; if(s==NULL) @@ -68,6 +59,26 @@ static char* tsg_strdup(const char* s) return d; } +enum MAAT_MODE get_maat_mode(char *maat_mode) +{ + if(strcasecmp(maat_mode, "redis")==0) + { + return MAAT_MODE_REDIS; + } + + if(strcasecmp(maat_mode, "json")==0) + { + return MAAT_MODE_JSON; + } + + if(strcasecmp(maat_mode, "file")==0) + { + return MAAT_MODE_FILE; + } + + return MAAT_MODE_MAX; +} + unsigned short get_redis_port(char *redis_port_range) { int port_num=0; @@ -140,7 +151,7 @@ static int get_column_pos(const char* line, int column_seq, size_t *offset, size { const char* seps=" \t"; char* saveptr=NULL, *subtoken=NULL, *str=NULL; - char* dup_line=tsg_strdup(line); + char* dup_line=tm_strdup(line); int i=0, ret=-1; for (str = dup_line; ; str = NULL) { @@ -160,7 +171,7 @@ static int get_column_pos(const char* line, int column_seq, size_t *offset, size return ret; } -static char* str_unescape(char* s) +static char* tm_str_unescape(char* s) { if(s==NULL) { @@ -249,14 +260,6 @@ static int get_fqdn_len(char *domain) return fqdn_len; } -static int sort_category_id(const void * a, const void * b) -{ - struct fqdn_category *x = (struct fqdn_category *) a; - struct fqdn_category *y = (struct fqdn_category *) b; - - return (int)(x->category_id - y->category_id); -} - static int get_data_center(char *accept_tag, char *effective_tag_key, char *data_center, int data_center_len) { cJSON *object=cJSON_Parse(accept_tag); @@ -295,7 +298,7 @@ static int get_data_center(char *accept_tag, char *effective_tag_key, char *data return 0; } -static void _free_field(char *field) +static void tsg_free_field(char *field) { if(field!=NULL) { @@ -304,7 +307,7 @@ static void _free_field(char *field) } } -static char *_malloc_field(const char *field_start, size_t field_len) +static char *tsg_malloc_field(const char *field_start, size_t field_len) { if(field_start==NULL || field_len==0) { @@ -323,6 +326,14 @@ static char *_malloc_field(const char *field_start, size_t field_len) return field; } +void tsg_maat_state_free(struct maat_state *state) +{ + if(state) + { + maat_state_free(state); + } +} + static int get_string_from_json(cJSON *object, const char *key, char **value) { if(object==NULL || key==NULL) @@ -360,7 +371,50 @@ static int get_integer_from_json(cJSON *object, const char *key, int *value) return 0; } -void gtp_c_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +int tsg_get_method_id(char *method) +{ + for(int i=0; i=0) + { + return tsg_malloc_field(line+offset, length); + } + + return NULL; +} + +int column_integer_get_value(const char* line, int column_seq) +{ + int ret=0; + size_t offset=0; + size_t length=0; + + ret=get_column_pos(line, column_seq, &offset, &length); + if(ret>=0) + { + return atoi(line+offset); + } + + return -1; +} + +void ex_data_gtp_c_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -372,52 +426,56 @@ void gtp_c_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA * return; } -void gtp_c_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_gtp_c_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { int imsi=3,msisdn=4,apn=5,imei=6; struct umts_user_info *user_info=(struct umts_user_info *)calloc(1, sizeof(struct umts_user_info)); - user_info->imsi=tsg_get_column_string_value(table_line, imsi); - user_info->msisdn=tsg_get_column_string_value(table_line, msisdn); - user_info->apn=tsg_get_column_string_value(table_line, apn); - user_info->imei=tsg_get_column_string_value(table_line, imei); + user_info->imsi=column_string_get_value(table_line, imsi); + user_info->msisdn=column_string_get_value(table_line, msisdn); + user_info->apn=column_string_get_value(table_line, apn); + user_info->imei=column_string_get_value(table_line, imei); - str_unescape(user_info->imsi); - str_unescape(user_info->msisdn); - str_unescape(user_info->apn); - str_unescape(user_info->imei); + tm_str_unescape(user_info->imsi); + tm_str_unescape(user_info->msisdn); + tm_str_unescape(user_info->apn); + tm_str_unescape(user_info->imei); atomic_inc(&user_info->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)user_info; + *ad=(void *)user_info; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_GTPC_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_GTPC_ADD], 0, FS_OP_ADD, 1); return; } -void gtp_c_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_gtp_c_free(int table_id, void **ad, long argl, void* argp) { if(*ad!=NULL) { struct umts_user_info *user_info=(struct umts_user_info *)(*ad); if((__sync_sub_and_fetch(&user_info->ref_cnt, 1) == 0)) { - _free_field(user_info->imsi); - _free_field(user_info->msisdn); - _free_field(user_info->apn); - _free_field(user_info->imei); + tsg_free_field(user_info->imsi); + tsg_free_field(user_info->msisdn); + tsg_free_field(user_info->apn); + tsg_free_field(user_info->imei); - _free_field((char *)(*ad)); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_GTPC_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_GTPC_DEL], 0, FS_OP_ADD, 1); } } return; } +void plugin_ex_data_gtp_c_free(struct umts_user_info *user_info) +{ + ex_data_gtp_c_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_GTP_IP2SIGNALING].id, (void **)&user_info, 0, NULL); +} -void ASN_number_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void ex_data_asn_number_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -429,53 +487,58 @@ void ASN_number_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA * return; } -void ASN_number_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_asn_number_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { int asn_field=5; int organization_field=6; struct asn_info *asn=(struct asn_info *)calloc(1, sizeof(struct asn_info)); - asn->asn_id=tsg_get_column_string_value(table_line, asn_field); - asn->organization=tsg_get_column_string_value(table_line, organization_field); + asn->asn_id=column_string_get_value(table_line, asn_field); + asn->organization=column_string_get_value(table_line, organization_field); if(asn->asn_id==NULL && asn->organization==NULL) { - _free_field((char *)asn); + tsg_free_field((char *)asn); asn=NULL; return ; } - str_unescape(asn->asn_id); - str_unescape(asn->organization); + tm_str_unescape(asn->asn_id); + tm_str_unescape(asn->organization); atomic_inc(&asn->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)asn; + *ad=(void *)asn; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_ASN_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_ASN_ADD], 0, FS_OP_ADD, 1); return; } -void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_asn_number_free(int table_id, void **ad, long argl, void* argp) { if(*ad!=NULL) { struct asn_info *asn=(struct asn_info *)(*ad); if((__sync_sub_and_fetch(&asn->ref_cnt, 1) == 0)) { - _free_field(asn->asn_id); - _free_field(asn->organization); - _free_field((char *)(*ad)); + tsg_free_field(asn->asn_id); + tsg_free_field(asn->organization); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_ASN_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_ASN_DEL], 0, FS_OP_ADD, 1); } } return; } -void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void plugin_ex_data_asn_number_free(struct asn_info *asn) +{ + ex_data_asn_number_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_ASN_USER_DEFINED].id, (void **)&asn, 0, NULL); +} + +void ex_data_location_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -487,53 +550,58 @@ void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT return; } -void location_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_location_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { struct location_info *location=(struct location_info *)calloc(1, sizeof(struct location_info)); - location->country_full=tsg_get_column_string_value(table_line, 13); // country_full - location->province_full=tsg_get_column_string_value(table_line, 15); // province_full - location->city_full=tsg_get_column_string_value(table_line, 16); // city_full - str_unescape(location->country_full); - str_unescape(location->province_full); - str_unescape(location->city_full); + location->country_full=column_string_get_value(table_line, 13); // country_full + location->province_full=column_string_get_value(table_line, 15); // province_full + location->city_full=column_string_get_value(table_line, 16); // city_full + tm_str_unescape(location->country_full); + tm_str_unescape(location->province_full); + tm_str_unescape(location->city_full); - if(g_tsg_para.location_field_num==19) + if(g_tsg_maat_rt_para.location_field_num==19) { - location->subdivision_addr=tsg_get_column_string_value(table_line, 17); // subdivision_addr - str_unescape(location->subdivision_addr); + location->subdivision_addr=column_string_get_value(table_line, 17); // subdivision_addr + tm_str_unescape(location->subdivision_addr); } atomic_inc(&location->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)location; + *ad=(void *)location; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LOCATION_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LOCATION_ADD], 0, FS_OP_ADD, 1); return; } -void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_location_free(int table_id, void **ad, long argl, void* argp) { if(*ad!=NULL) { struct location_info *location=(struct location_info *)(*ad); if((__sync_sub_and_fetch(&location->ref_cnt, 1) == 0)) { - _free_field(location->country_full); - _free_field(location->province_full); - _free_field(location->city_full); - _free_field(location->subdivision_addr); + tsg_free_field(location->country_full); + tsg_free_field(location->province_full); + tsg_free_field(location->city_full); + tsg_free_field(location->subdivision_addr); - _free_field((char *)(*ad)); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LOCATION_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LOCATION_DEL], 0, FS_OP_ADD, 1); } } return; } -void fqdn_category_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void plugin_ex_data_location_free(struct location_info *location) +{ + ex_data_location_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_USER_DEFINED].id, (void **)&location, 0, NULL); +} + +void ex_data_fqdn_category_id_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -544,43 +612,43 @@ void fqdn_category_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT return; } -void fqdn_category_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_fqdn_category_id_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { int category_id=2; struct fqdn_category * fqdn_cat=(struct fqdn_category *)calloc(1, sizeof(struct fqdn_category)); - fqdn_cat->category_id=(unsigned int)tsg_get_column_integer_value(table_line, category_id); + fqdn_cat->category_id=(unsigned int)column_integer_get_value(table_line, category_id); if(fqdn_cat->category_id==((unsigned int)-1)) { - _free_field((char *)fqdn_cat); + tsg_free_field((char *)fqdn_cat); fqdn_cat=NULL; return ; } atomic_inc(&fqdn_cat->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)fqdn_cat; + *ad=(void *)fqdn_cat; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_FQDN_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_FQDN_ADD], 0, FS_OP_ADD, 1); return; } -void fqdn_category_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_fqdn_category_id_free(int table_id, void **ad, long argl, void* argp) { if((*ad)!=NULL) { struct fqdn_category *fqdn_cat=(struct fqdn_category *)(*ad); if((__sync_sub_and_fetch(&fqdn_cat->ref_cnt, 1) == 0)) { - _free_field((char *)(*ad)); - *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_FQDN_DEL], 0, FS_OP_ADD, 1); + tsg_free_field((char *)(*ad)); + *ad=NULL; + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_FQDN_DEL], 0, FS_OP_ADD, 1); } } return; } -void subscriber_id_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void ex_data_subscriber_id_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -592,46 +660,51 @@ void subscriber_id_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT return; } -void subscriber_id_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_subscriber_id_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { int subscribe_id=4; struct subscribe_id_info *subscriber=(struct subscribe_id_info *)calloc(1, sizeof(struct subscribe_id_info)); - subscriber->subscribe_id=tsg_get_column_string_value(table_line, subscribe_id); + subscriber->subscribe_id=column_string_get_value(table_line, subscribe_id); if(subscriber->subscribe_id==NULL) { - _free_field((char *)subscriber); + tsg_free_field((char *)subscriber); subscriber=NULL; return; } atomic_inc(&subscriber->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)subscriber; + *ad=(void *)subscriber; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SUBSCRIBER_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SUBSCRIBER_ADD], 0, FS_OP_ADD, 1); return; } -void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_subscriber_id_free(int table_id, void **ad, long argl, void* argp) { if((*ad)!=NULL) { struct subscribe_id_info *subscriber=(struct subscribe_id_info *)(*ad); if((__sync_sub_and_fetch(&subscriber->ref_cnt, 1) == 0)) { - _free_field(subscriber->subscribe_id); - _free_field((char *)(*ad)); + tsg_free_field(subscriber->subscribe_id); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SUBSCRIBER_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SUBSCRIBER_DEL], 0, FS_OP_ADD, 1); } } return; } -static int parse_deny_action(char *deny_action_str, struct deny_user_region *deny_app_para) +void plugin_ex_data_subscriber_id_free(struct subscribe_id_info *subscriber) +{ + ex_data_subscriber_id_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SUBSCRIBER_IP2ID].id, (void **)&subscriber, 0, NULL); +} + +static int parse_security_deny_action(char *deny_action_str, struct deny_user_region *deny_app_para) { if(deny_action_str==NULL) { @@ -674,7 +747,7 @@ static int parse_deny_action(char *deny_action_str, struct deny_user_region *den return 1; } -static void app_id_dict_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void ex_data_app_id_dict_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -686,99 +759,72 @@ static void app_id_dict_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_E return; } -static void app_id_dict_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_app_id_dict_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { char *deny_action_str=NULL; struct app_id_dict *dict=NULL; - switch(g_tsg_para.app_dict_field_num) - { - case 16: - dict=(struct app_id_dict *)calloc(1, sizeof(struct app_id_dict)); - - dict->app_id=tsg_get_column_integer_value(table_line, 1); - dict->app_name=tsg_get_column_string_value(table_line, 2); - dict->category=tsg_get_column_string_value(table_line, 3); - dict->subcategroy=tsg_get_column_string_value(table_line, 4); - dict->technology=tsg_get_column_string_value(table_line, 5); - dict->risk=tsg_get_column_string_value(table_line, 6); - dict->characteristics=tsg_get_column_string_value(table_line, 7); - dict->continue_scanning=tsg_get_column_integer_value(table_line, 11); - dict->tcp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 12); - dict->udp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 13); - dict->tcp_half_close=tsg_get_column_integer_value(table_line, 14); - dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 15); - - deny_action_str=tsg_get_column_string_value(table_line, 10); - break; - case 18: - dict=(struct app_id_dict *)calloc(1, sizeof(struct app_id_dict)); - - dict->app_id=tsg_get_column_integer_value(table_line, 1); - dict->app_name=tsg_get_column_string_value(table_line, 2); - dict->parent_app_id=tsg_get_column_integer_value(table_line, 3); - dict->parent_app_name=tsg_get_column_string_value(table_line, 4); - dict->category=tsg_get_column_string_value(table_line, 5); - dict->subcategroy=tsg_get_column_string_value(table_line, 6); - dict->technology=tsg_get_column_string_value(table_line, 7); - dict->risk=tsg_get_column_string_value(table_line, 8); - dict->characteristics=tsg_get_column_string_value(table_line, 9); - dict->continue_scanning=tsg_get_column_integer_value(table_line, 13); - dict->tcp_timeout=tsg_get_column_integer_value(table_line, 14); - dict->udp_timeout=tsg_get_column_integer_value(table_line, 15); - dict->tcp_half_close=tsg_get_column_integer_value(table_line, 16); - dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 17); + dict=(struct app_id_dict *)calloc(1, sizeof(struct app_id_dict)); + + dict->app_id=column_integer_get_value(table_line, 1); + dict->app_name=column_string_get_value(table_line, 2); + dict->parent_app_id=column_integer_get_value(table_line, 3); + dict->parent_app_name=column_string_get_value(table_line, 4); + dict->category=column_string_get_value(table_line, 5); + dict->subcategory=column_string_get_value(table_line, 6); + dict->technology=column_string_get_value(table_line, 7); + dict->risk=column_string_get_value(table_line, 8); + dict->characteristics=column_string_get_value(table_line, 9); + dict->continue_scanning=column_integer_get_value(table_line, 13); + dict->tcp_timeout=column_integer_get_value(table_line, 14); + dict->udp_timeout=column_integer_get_value(table_line, 15); + dict->tcp_half_close=column_integer_get_value(table_line, 16); + dict->tcp_time_wait=column_integer_get_value(table_line, 17); + deny_action_str=column_string_get_value(table_line, 12); - deny_action_str=tsg_get_column_string_value(table_line, 12); - break; - default: - return ; - break; - } - - parse_deny_action(deny_action_str, &(dict->deny_app_para)); - _free_field(deny_action_str); + parse_security_deny_action(deny_action_str, &(dict->deny_app_para)); + tsg_free_field(deny_action_str); deny_action_str=NULL; - str_unescape(dict->risk); - str_unescape(dict->app_name); - str_unescape(dict->parent_app_name); - str_unescape(dict->category); - str_unescape(dict->subcategroy); - str_unescape(dict->technology); - str_unescape(dict->characteristics); + tm_str_unescape(dict->risk); + tm_str_unescape(dict->app_name); + tm_str_unescape(dict->parent_app_name); + tm_str_unescape(dict->category); + tm_str_unescape(dict->subcategory); + tm_str_unescape(dict->technology); + tm_str_unescape(dict->characteristics); atomic_inc(&dict->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)dict; + *ad=(void *)dict; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ID_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ID_ADD], 0, FS_OP_ADD, 1); return; } -void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_app_id_dict_free(int table_id, void **ad, long argl, void* argp) { if((*ad)!=NULL) { struct app_id_dict *dict=(struct app_id_dict *)(*ad); if((__sync_sub_and_fetch(&dict->ref_cnt, 1) == 0)) { - _free_field(dict->app_name); - _free_field(dict->parent_app_name); - _free_field(dict->category); - _free_field(dict->subcategroy); - _free_field(dict->technology); - _free_field(dict->risk); - _free_field(dict->characteristics); - _free_field((char *)(*ad)); + tsg_free_field(dict->app_name); + tsg_free_field(dict->parent_app_name); + tsg_free_field(dict->category); + tsg_free_field(dict->subcategory); + tsg_free_field(dict->technology); + tsg_free_field(dict->risk); + tsg_free_field(dict->characteristics); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ID_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ID_DEL], 0, FS_OP_ADD, 1); } } return; } -static int parse_answer_ttl(struct dns_user_region *user_region_records, cJSON *one_record, int answer_type) +static int parse_dns_answer_ttl(struct dns_user_region *user_region_records, cJSON *one_record, int answer_type) { if(one_record==NULL || user_region_records==NULL) { @@ -808,13 +854,13 @@ static int parse_answer_ttl(struct dns_user_region *user_region_records, cJSON * return 0; } - get_integer_from_json(ttl, "min", &(answer_record_tmp->min_ttl)); - get_integer_from_json(ttl, "max", &(answer_record_tmp->max_ttl)); + get_integer_from_json(ttl, "min", &(answer_record_tmp->min_ttl)); + get_integer_from_json(ttl, "max", &(answer_record_tmp->max_ttl)); return 1; } -static int parse_answer_profile(struct dns_user_region *user_region_records, cJSON *record_profile, int answer_type) +static int parse_dns_answer_profile(struct dns_user_region *user_region_records, cJSON *record_profile, int answer_type) { struct dns_answer_records *answer_records=(struct dns_answer_records *)calloc(1, sizeof(struct dns_answer_records)); answer_records->record_val.answer_type=answer_type; @@ -842,7 +888,7 @@ static int parse_answer_profile(struct dns_user_region *user_region_records, cJS return 1; } -static int parse_answer_value(struct dns_user_region *user_region_records, cJSON *record_value, int answer_type) +static int parse_dns_answer_value(struct dns_user_region *user_region_records, cJSON *record_value, int answer_type) { switch(answer_type) { @@ -872,7 +918,7 @@ static int parse_answer_value(struct dns_user_region *user_region_records, cJSON return 1; } -static int parse_answer_records(struct dns_user_region *user_region_records, cJSON *answer_array) +static int parse_dns_answer_records(struct dns_user_region *user_region_records, cJSON *answer_array) { int answer_type=-1; int i=0,ret=0,answer_size=0; @@ -902,16 +948,16 @@ static int parse_answer_records(struct dns_user_region *user_region_records, cJS a_item=cJSON_GetObjectItem(one_record, "value"); if(a_item!=NULL) { - ret=parse_answer_value(user_region_records, a_item, answer_type); + ret=parse_dns_answer_value(user_region_records, a_item, answer_type); } else { - ret=parse_answer_profile(user_region_records, one_record, answer_type); + ret=parse_dns_answer_profile(user_region_records, one_record, answer_type); } if(ret>0) { - parse_answer_ttl(user_region_records, one_record, answer_type); + parse_dns_answer_ttl(user_region_records, one_record, answer_type); } } @@ -952,13 +998,13 @@ static struct dns_user_region *parse_dns_user_region(cJSON *resolution_array, in continue; } - parse_answer_records(&(records[i]), answer_array); + parse_dns_answer_records(&(records[i]), answer_array); } return records; } -static int parse_default_para(cJSON *deny_user_region_object, struct compile_user_region *user_region) +static int parse_default_policy_para(cJSON *deny_user_region_object, struct compile_user_region *user_region) { cJSON *method_item=NULL; cJSON *tcp_session_item=cJSON_GetObjectItem(deny_user_region_object, "tcp_session"); @@ -1006,7 +1052,7 @@ static int parse_default_para(cJSON *deny_user_region_object, struct compile_use } -static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region) +static int parse_policy_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region) { if(packet_capture_object==NULL || user_region==NULL) { @@ -1028,7 +1074,7 @@ static int parse_packet_capture(cJSON *packet_capture_object, struct compile_use return 0; } -static int parse_packet_mirrored(cJSON *user_region_object, struct compile_user_region *user_region) +static int parse_policy_packet_mirrored(cJSON *user_region_object, struct compile_user_region *user_region) { if(user_region_object==NULL || user_region==NULL) { @@ -1128,59 +1174,60 @@ static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_regio user_region->deny->type=TSG_DENY_TYPE_MAX; get_integer_from_json(deny_user_region_object, "bps", &(user_region->deny->bps)); break; - case TSG_METHOD_TYPE_DROP: + case TSG_METHOD_TYPE_DROP: user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region)); user_region->deny->type=TSG_DENY_TYPE_DROP; get_integer_from_json(deny_user_region_object, "send_icmp_unreachable", &(user_region->deny->drop_para.send_icmp_enable)); get_integer_from_json(deny_user_region_object, "send_tcp_reset", &(user_region->deny->drop_para.send_reset_enable)); get_integer_from_json(deny_user_region_object, "after_n_packets", &(user_region->deny->after_n_packets)); - break; + break; case TSG_METHOD_TYPE_APP_DROP: break; case TSG_METHOD_TYPE_RST: case TSG_METHOD_TYPE_RESET: break; - case TSG_METHOD_TYPE_TAMPER: - break; - default: - parse_default_para(deny_user_region_object, user_region); + case TSG_METHOD_TYPE_TAMPER: + break; + default: + parse_default_policy_para(deny_user_region_object, user_region); break; } return user_region; } -void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp) +void ex_data_security_compile_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { cJSON *user_region_object=NULL; cJSON *packet_capture_object=NULL; - struct compile_user_region *user_region=NULL; + //struct compile_user_region *user_region=NULL; + + struct maat_compile *compile=(struct maat_compile *)calloc(1, sizeof(struct maat_compile)); - if(rule==NULL) + compile->rule.rule_id=column_integer_get_value(table_line, 1); //policy id + compile->rule.service_id = column_integer_get_value(table_line, 2); // service id + compile->rule.action = column_integer_get_value(table_line, 3); // action + compile->rule.do_log = column_integer_get_value(table_line, 5); // do_log + compile->p_user_region=column_string_get_value(table_line, 7); + + if(compile->p_user_region!=NULL && strlen(compile->p_user_region)>2) { - return ; - } - - if(srv_def_large!=NULL && strlen(srv_def_large)>2) - { - user_region_object=cJSON_Parse(srv_def_large); + user_region_object=cJSON_Parse(compile->p_user_region); if(user_region_object!=NULL) { packet_capture_object=cJSON_GetObjectItem(user_region_object, "packet_capture"); - switch(rule->action) + switch(compile->rule.action) { case TSG_ACTION_DENY: - user_region=parse_deny_user_region(user_region_object); - parse_packet_capture(packet_capture_object, user_region); - parse_packet_mirrored(user_region_object,user_region); - atomic_inc(&user_region->ref_cnt); + compile->user_region=parse_deny_user_region(user_region_object); + parse_policy_packet_capture(packet_capture_object, compile->user_region); + parse_policy_packet_mirrored(user_region_object,compile->user_region); break; case TSG_ACTION_MONITOR: - user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region)); - parse_packet_capture(packet_capture_object, user_region); - parse_packet_mirrored(user_region_object,user_region); - atomic_inc(&user_region->ref_cnt); + compile->user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region)); + parse_policy_packet_capture(packet_capture_object, compile->user_region); + parse_policy_packet_mirrored(user_region_object,compile->user_region); break; default: break; @@ -1191,26 +1238,27 @@ void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* s } } - if(g_tsg_para.default_compile_id==rule->config_id && user_region!=NULL) + if(g_tsg_maat_rt_para.default_compile_id==compile->rule.rule_id && compile->user_region!=NULL) { - if(user_region->method_type==TSG_METHOD_TYPE_DEFAULT && user_region->session_para!=NULL) + if(compile->user_region->method_type==TSG_METHOD_TYPE_DEFAULT && compile->user_region->session_para!=NULL) { - memcpy(&(user_region->session_para->result), rule, sizeof(struct Maat_rule_t)); + memcpy(&(compile->user_region->session_para->result), &(compile->rule), sizeof(struct maat_rule)); } } - - *ad=(MAAT_RULE_EX_DATA)user_region; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SECURIRY_ADD], 0, FS_OP_ADD, 1); + + atomic_inc(&compile->ref_cnt); + *ad=(void *)compile; + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SECURIRY_ADD], 0, FS_OP_ADD, 1); return ; } -void security_compile_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp) +void ex_data_security_compile_dup(int table_id, void **to, void **from, long argl, void *argp) { - struct compile_user_region *user_region=(struct compile_user_region *)(*from); - if(user_region!=NULL) + struct maat_compile *compile=(struct maat_compile *)(*from); + if(compile!=NULL) { - atomic_inc(&user_region->ref_cnt); + atomic_inc(&compile->ref_cnt); *to=*from; } } @@ -1220,7 +1268,7 @@ static void free_dns_records_val(struct dns_record_val *record_val, int record_v int i=0; for(i=0; irecord_val), 1); } - _free_field((char *)answer_records); + tsg_free_field((char *)answer_records); answer_records=NULL; } } @@ -1251,14 +1299,14 @@ static void free_deny_user_region(struct deny_user_region *deny) case TSG_DENY_TYPE_MESSAGE: case TSG_DENY_TYPE_REDIRECT_TO: case TSG_DENY_TYPE_REDIRECT_URL: - _free_field(deny->message); + tsg_free_field(deny->message); deny->message=NULL; break; case TSG_DENY_TYPE_REDIRECT_RECORD: free_dns_answer_records(deny->records->a); free_dns_answer_records(deny->records->aaaa); free_dns_answer_records(deny->records->cname); - _free_field(deny->message); + tsg_free_field(deny->message); deny->message=NULL; break; default: @@ -1267,43 +1315,48 @@ static void free_deny_user_region(struct deny_user_region *deny) } -void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp) +void ex_data_security_compile_free(int table_id, void **ad, long argl, void *argp) { - struct compile_user_region *user_region=(struct compile_user_region *)(*ad); - if(user_region==NULL) + struct maat_compile *compile=(struct maat_compile *)(*ad); + if(compile==NULL) { return ; } - if((__sync_sub_and_fetch(&user_region->ref_cnt, 1) == 0)) + if((__sync_sub_and_fetch(&compile->ref_cnt, 1) == 0)) { - switch(user_region->method_type) + if (compile->user_region != NULL) { - case TSG_METHOD_TYPE_ALERT: - case TSG_METHOD_TYPE_BLOCK: - case TSG_METHOD_TYPE_RATE_LIMIT: - case TSG_METHOD_TYPE_REDIRECTION: - free_deny_user_region(user_region->deny); - break; - default: - break; + switch(compile->user_region->method_type) + { + case TSG_METHOD_TYPE_ALERT: + case TSG_METHOD_TYPE_BLOCK: + case TSG_METHOD_TYPE_RATE_LIMIT: + case TSG_METHOD_TYPE_REDIRECTION: + free_deny_user_region(compile->user_region->deny); + break; + default: + break; + } + + if(compile->user_region->user_region_para!=NULL) + { + tsg_free_field((char *)(compile->user_region->user_region_para)); + compile->user_region->user_region_para=NULL; + } } + + tsg_free_field(compile->p_user_region); - if(user_region->user_region_para!=NULL) - { - _free_field((char *)(user_region->user_region_para)); - user_region->user_region_para=NULL; - } - - _free_field((char *)(*ad)); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SECURIRY_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SECURIRY_DEL], 0, FS_OP_ADD, 1); } } -static char *get_pages_content(const char *filename, int *filelen) +static char *get_http_pages_content(const char *filename, int *filelen) { FILE *file = NULL; long length = 0; @@ -1351,7 +1404,7 @@ cleanup: } -void http_response_pages_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void ex_data_http_response_pages_dup(int table_id, void **to, void **from, long argl, void* argp) { if((*from)!=NULL) { @@ -1361,18 +1414,18 @@ void http_response_pages_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_ } } -void http_response_pages_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_http_response_pages_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { char *path=NULL, *format=NULL; struct http_response_pages *res_pages=(struct http_response_pages *)calloc(1, sizeof(struct http_response_pages)); - res_pages->profile_id=tsg_get_column_integer_value(table_line, 1); + res_pages->profile_id=column_integer_get_value(table_line, 1); - format=tsg_get_column_string_value(table_line, 3); - path=tsg_get_column_string_value(table_line, 4); + format=column_string_get_value(table_line, 3); + path=column_string_get_value(table_line, 4); if(format==NULL && path==NULL) { - _free_field((char *)res_pages); + tsg_free_field((char *)res_pages); res_pages=NULL; return; } @@ -1386,50 +1439,50 @@ void http_response_pages_new(int table_id, const char* key, const char* table_li res_pages->format=HTTP_RESPONSE_FORMAT_HTML; } - _free_field(format); + tsg_free_field(format); format=NULL; - res_pages->content=get_pages_content(path, &res_pages->content_len); - _free_field(path); + res_pages->content=get_http_pages_content(path, &res_pages->content_len); + tsg_free_field(path); path=NULL; if(res_pages->content!=NULL && res_pages->content_len>0) { atomic_inc(&res_pages->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)res_pages; + *ad=(void *)res_pages; } else { - _free_field(res_pages->content); - _free_field((char *)res_pages); + tsg_free_field(res_pages->content); + tsg_free_field((char *)res_pages); res_pages=NULL; } - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HTTP_RES_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HTTP_RES_ADD], 0, FS_OP_ADD, 1); } -void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ex_data_http_response_pages_free(int table_id, void **ad, long argl, void* argp) { if((*ad)!=NULL) { struct http_response_pages *res_pages=(struct http_response_pages *)(*ad); if((__sync_sub_and_fetch(&res_pages->ref_cnt, 1) == 0)) { - _free_field(res_pages->content); - _free_field((char *)(*ad)); + tsg_free_field(res_pages->content); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HTTP_RES_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HTTP_RES_DEL], 0, FS_OP_ADD, 1); } } } -void dns_profile_records_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_dns_profile_records_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { struct dns_profile_records *profile_records=(struct dns_profile_records *)calloc(1, sizeof(struct dns_profile_records)); - profile_records->record_id=tsg_get_column_integer_value(table_line, 1); - char *answer_type=tsg_get_column_string_value(table_line, 3); - char *json_record=tsg_get_column_string_value(table_line, 4); + profile_records->record_id=column_integer_get_value(table_line, 1); + char *answer_type=column_string_get_value(table_line, 3); + char *json_record=column_string_get_value(table_line, 4); cJSON *records_array=cJSON_Parse(json_record); if(records_array!=NULL) @@ -1476,29 +1529,29 @@ void dns_profile_records_new(int table_id, const char* key, const char* table_li } atomic_inc(&profile_records->ref_cnt); - (*ad)=(MAAT_PLUGIN_EX_DATA)profile_records; + (*ad)=(void *)profile_records; cJSON_Delete(records_array); records_array=NULL; - _free_field(json_record); + tsg_free_field(json_record); json_record=NULL; - _free_field(answer_type); + tsg_free_field(answer_type); answer_type=NULL; } else { - _free_field((char *)profile_records); + tsg_free_field((char *)profile_records); profile_records=NULL; } - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DNS_RES_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DNS_RES_ADD], 0, FS_OP_ADD, 1); return ; } -void dns_profile_records_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +void ex_data_dns_profile_records_dup(int table_id, void **to, void **from, long argl, void *argp) { if((*from)!=NULL) { @@ -1510,7 +1563,7 @@ void dns_profile_records_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_ return ; } -void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_dns_profile_records_free(int table_id, void **ad, long argl, void *argp) { if((*ad)!=NULL) { @@ -1522,23 +1575,23 @@ void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, free_dns_records_val(profile_records->record_val, profile_records->record_num); } - _free_field((char *)(profile_records->record_val)); + tsg_free_field((char *)(profile_records->record_val)); profile_records->record_val=NULL; - _free_field((char *)(*ad)); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DNS_RES_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DNS_RES_DEL], 0, FS_OP_ADD, 1); } } } -void mirrored_profile_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_mirrored_profile_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)calloc(1, sizeof(struct traffic_mirror_profile)); - mirror_profile->profile_id=tsg_get_column_integer_value(table_line, 1); - char *vlan_ids_str=tsg_get_column_string_value(table_line, 3); + mirror_profile->profile_id=column_integer_get_value(table_line, 1); + char *vlan_ids_str=column_string_get_value(table_line, 3); cJSON *vlan_ids_object=cJSON_Parse(vlan_ids_str); if(vlan_ids_object!=NULL) @@ -1558,20 +1611,20 @@ void mirrored_profile_new(int table_id, const char* key, const char* table_line, atomic_inc(&mirror_profile->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)mirror_profile; + *ad=(void *)mirror_profile; cJSON_Delete(vlan_ids_object); vlan_ids_object=NULL; - _free_field(vlan_ids_str); + tsg_free_field(vlan_ids_str); vlan_ids_str=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_ADD], 0, FS_OP_ADD, 1); return ; } -void mirrored_profile_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +void ex_data_mirrored_profile_dup(int table_id, void **to, void **from, long argl, void *argp) { if((*from)!=NULL) { @@ -1583,49 +1636,49 @@ void mirrored_profile_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_ return ; } -void mirrored_profile_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_mirrored_profile_free(int table_id, void **ad, long argl, void *argp) { if((*ad)!=NULL) { struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)*ad; if((__sync_sub_and_fetch(&mirror_profile->ref_cnt, 1) == 0)) { - _free_field((char *)(*ad)); - *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_DEL], 0, FS_OP_ADD, 1); + tsg_free_field((char *)(*ad)); + *ad=NULL; + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_DEL], 0, FS_OP_ADD, 1); } } } -void session_log_profile_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_session_log_profile_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { - g_tsg_para.session_record_switch=tsg_get_column_integer_value(table_line, 2); + g_tsg_maat_rt_para.session_record_switch=column_integer_get_value(table_line, 2); } -void session_log_profile_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +void ex_data_session_log_profile_dup(int table_id, void **to, void **from, long argl, void *argp) { } -void session_log_profile_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_session_log_profile_free(int table_id, void **ad, long argl, void *argp) { } -void tunnel_catalog_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_tunnel_catalog_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { struct tunnel_catalog *t_catalog=(struct tunnel_catalog *)calloc(sizeof(struct tunnel_catalog), 1); - t_catalog->id=tsg_get_column_integer_value(table_line, 1); - t_catalog->name=tsg_get_column_string_value(table_line, 2); - t_catalog->type=tsg_get_column_string_value(table_line, 3); - t_catalog->composition=tsg_get_column_string_value(table_line, 4); + t_catalog->id=column_integer_get_value(table_line, 1); + t_catalog->name=column_string_get_value(table_line, 2); + t_catalog->type=column_string_get_value(table_line, 3); + t_catalog->composition=column_string_get_value(table_line, 4); atomic_inc(&t_catalog->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)t_catalog; + *ad=(void *)t_catalog; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_CATALOG_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_CATALOG_ADD], 0, FS_OP_ADD, 1); return; } -void tunnel_catalog_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_tunnel_catalog_free(int table_id, void **ad, long argl, void *argp) { if(*ad==NULL) { @@ -1635,15 +1688,15 @@ void tunnel_catalog_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void struct tunnel_catalog *t_catalog=(struct tunnel_catalog *)(*ad); if ((__sync_sub_and_fetch(&t_catalog->ref_cnt, 1) == 0)) { - _free_field(t_catalog->name); - _free_field(t_catalog->type); - _free_field(t_catalog->composition); - _free_field((char *)(*ad)); + tsg_free_field(t_catalog->name); + tsg_free_field(t_catalog->type); + tsg_free_field(t_catalog->composition); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_CATALOG_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_CATALOG_DEL], 0, FS_OP_ADD, 1); } } -void tunnel_catalog_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +void ex_data_tunnel_catalog_dup(int table_id, void **to, void **from, long argl, void *argp) { if((*from)!=NULL) { @@ -1653,22 +1706,22 @@ void tunnel_catalog_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DA } } -void tunnel_endpoint_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_tunnel_endpoint_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { struct tunnel_endpoint *t_endpoint=(struct tunnel_endpoint *)calloc(1, sizeof(struct tunnel_endpoint)); - t_endpoint->id=tsg_get_column_integer_value(table_line, 1); - t_endpoint->description=tsg_get_column_string_value(table_line, 5); + t_endpoint->id=column_integer_get_value(table_line, 1); + t_endpoint->description=column_string_get_value(table_line, 5); atomic_inc(&t_endpoint->ref_cnt); - *ad=(MAAT_PLUGIN_EX_DATA)t_endpoint; + *ad=(void *)t_endpoint; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_ADD], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_ADD], 0, FS_OP_ADD, 1); return ; } -void tunnel_endpoint_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +void ex_data_tunnel_endpoint_dup(int table_id, void **to, void **from, long argl, void *argp) { if((*from)!=NULL) { @@ -1680,54 +1733,164 @@ void tunnel_endpoint_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_D return ; } -void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_tunnel_endpoint_free(int table_id, void **ad, long argl, void *argp) { if((*ad)!=NULL) { struct tunnel_endpoint *t_endpoint=(struct tunnel_endpoint *)*ad; if((__sync_sub_and_fetch(&t_endpoint->ref_cnt, 1) == 0)) { - _free_field(t_endpoint->description); - _free_field((char *)(*ad)); + tsg_free_field(t_endpoint->description); + tsg_free_field((char *)(*ad)); *ad=NULL; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_DEL], 0, FS_OP_ADD, 1); } } } -void tunnel_label_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void plugin_ex_data_tunnel_endpoint_free(struct tunnel_endpoint *t_enpoint) +{ + ex_data_tunnel_endpoint_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (void **)&t_enpoint, 0, NULL); +} + +void ex_data_tunnel_label_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void *argp) { - int label_id=tsg_get_column_integer_value(table_line, 1); - *ad=(MAAT_PLUGIN_EX_DATA)(long)label_id; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_LABEL_ADD], 0, FS_OP_ADD, 1); + int label_id=column_integer_get_value(table_line, 1); + *ad=(void *)(long)label_id; + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_LABEL_ADD], 0, FS_OP_ADD, 1); return ; } -void tunnel_label_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +void ex_data_tunnel_label_dup(int table_id, void **to, void **from, long argl, void *argp) { (*to)=(*from); return ; } -void tunnel_label_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +void ex_data_tunnel_label_free(int table_id, void **ad, long argl, void *argp) { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_LABEL_DEL], 0, FS_OP_ADD, 1); + //FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_LABEL_DEL], 0, FS_OP_ADD, 1); } -static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *maat_logger) +int init_scan_table(struct maat *feather, const char *conffile) +{ + MESA_load_profile_string_def(conffile, "MAAT", "IP_SRC_ADDR_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SRC_IP_ADDR].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ADDR"); + MESA_load_profile_string_def(conffile, "MAAT", "IP_DST_ADDR_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DST_IP_ADDR].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ADDR"); + MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SUBSCRIBER_ID].name, MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_APP_ID].name, MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_HTTP_HOST].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST"); + MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_HTTP_URL].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL"); + MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SSL_SNI].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_EXCLUSION_SSL_SNI].name, MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SRC_ASN].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN"); + MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DST_ASN].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN"); + MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SRC_LOCATION].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION"); + MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DST_LOCATION].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION"); + MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_QUIC_SNI].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI"); + //MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_FQDN_CAT_ID].name, MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT"); + MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SELECTOR_ID].name, MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SELECTOR_PROPERTIES].name, MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_GTP_APN].name, MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_GTP_IMSI].name, MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_GTP_PHONE_NUMBER].name, MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); + MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DTLS_SNI].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_TUNNEL_ID].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL"); + MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SESSION_FLAGS].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG"); + + for(int i=0; i0) @@ -1740,499 +1903,138 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam MESA_load_profile_string_def(conffile, "MAAT", "ACCEPT_TAGS", effective_flag, sizeof(effective_flag),""); } - if(strlen(g_tsg_para.device_tag)==0 && strlen(effective_flag)>0) + if(strlen(g_tsg_maat_rt_para.device_tag)==0 && strlen(effective_flag)>0) { - - memcpy(g_tsg_para.device_tag, effective_flag, MIN(strlen(effective_flag), sizeof(g_tsg_para.device_tag)-1)); + memcpy(g_tsg_maat_rt_para.device_tag, effective_flag, MIN(strlen(effective_flag), sizeof(g_tsg_maat_rt_para.device_tag)-1)); } - if(strlen(g_tsg_para.data_center)==0 && strlen(effective_flag)>0) + if(strlen(g_tsg_maat_rt_para.data_center)==0 && strlen(effective_flag)>0) { char effective_tag_key[128]={0}; MESA_load_profile_string_def(conffile, module, "EFFECTIVE_TAG_KEY", effective_tag_key, sizeof(effective_tag_key),"data_center"); - get_data_center(effective_flag, effective_tag_key, g_tsg_para.data_center, sizeof(g_tsg_para.data_center)); + get_data_center(effective_flag, effective_tag_key, g_tsg_maat_rt_para.data_center, sizeof(g_tsg_maat_rt_para.data_center)); } - - MESA_load_profile_int_def(conffile, module,"MAAT_MODE", &(maat_mode),0); + + int _log_level=LOG_LEVEL_FATAL; + MESA_load_profile_int_def(conffile, module,"LOG_LEVEL", &(_log_level), LOG_LEVEL_FATAL); + + char log_path[128]={0}; + MESA_load_profile_string_def(conffile,module,"LOG_PATH", log_path, sizeof(log_path), "./log/maat.log"); + MESA_load_profile_int_def(conffile, module,"STAT_SWITCH", &(maat_stat_on),1); MESA_load_profile_int_def(conffile, module,"PERF_SWITCH", &(maat_perf_on),1); MESA_load_profile_int_def(conffile, module,"OUTPUT_PROMETHEUS", &(output_prometheus), 1); MESA_load_profile_int_def(conffile, module,"DEFERRED_LOAD", &(deferred_load), 0); - MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), ""); MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), ""); MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_S", &(effect_interval), 60); effect_interval*=1000;//convert s to ms - thread_max=get_thread_count(); - _maat_feather=Maat_feather(thread_max, table_info, maat_logger); - - if(maat_mode==2) + struct maat_options *opts=maat_options_new(); + size_t thread_max=(size_t)get_thread_count(); + maat_options_set_logger(opts, log_path, (enum log_level)_log_level); + maat_options_set_caller_thread_number(opts, thread_max); + maat_options_set_accept_tags(opts, (const char *)effective_flag); + maat_options_set_rule_effect_interval_ms(opts, effect_interval); + maat_options_set_instance_name(opts, instance_name); + if(deferred_load==1) { - int redis_index=0; - char redis_ip[16]={0}; - char redis_port_range[256]={0}; - MESA_load_profile_string_def(conffile,module,"REDIS_IP", redis_ip, sizeof(redis_ip),""); - MESA_load_profile_int_def(conffile, module,"REDIS_INDEX", &redis_index, 0); - MESA_load_profile_string_def(conffile,module,"REDIS_PORT", redis_port_range, sizeof(redis_port_range), "6379;"); - unsigned short redis_port=get_redis_port(redis_port_range); - - if(strlen(effective_flag)!=0) - { - Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); - } - Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port)); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index)); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_FOREIGN_CONT_DIR, "./alerts_files", strlen("./alerts_files")+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); - if(deferred_load==1) - { - Maat_set_feather_opt(_maat_feather, MAAT_OPT_DEFERRED_LOAD, NULL, 0); - } + maat_options_set_deferred_load_on(opts); } - else + + MESA_load_profile_string_def(conffile, module, "MAAT_MODE", maat_mode, sizeof(maat_mode),"json"); + enum MAAT_MODE mode=get_maat_mode(maat_mode); + switch(mode) { - if(strlen(effective_flag)!=0) - { - int ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); - assert(ret>=0); - } - else - { - MESA_handle_runtime_log(maat_logger, RLOG_LV_FATAL, "EFFECTIVE_RANGE", "Effective range is empty, please check %s", effective_range_filename); - } - Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); - if(maat_mode==1) - { - char json_cfg_file[MAX_PATH_LEN]={0}; - MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),""); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1); - } - else - { - char inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0}; - MESA_load_profile_string_def(conffile,module,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),""); - MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),""); - assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0); - - Maat_set_feather_opt(_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1); - } - if(maat_stat_on) - { - Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); - if(maat_perf_on) + case MAAT_MODE_FILE: { - Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); + char inc_cfg_dir[MAX_FILEPATH_LEN]={0},ful_cfg_dir[MAX_FILEPATH_LEN]={0}; + MESA_load_profile_string_def(conffile,module,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),""); + MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),""); + assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0); + maat_options_set_iris(opts, (const char *)ful_cfg_dir, (const char *)inc_cfg_dir); } - } - - Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); - - if(deferred_load==1) - { - Maat_set_feather_opt(_maat_feather, MAAT_OPT_DEFERRED_LOAD, NULL, 0); - } - } - - int ret=Maat_initiate_feather(_maat_feather); - if(ret<0) - { - return NULL; + break; + case MAAT_MODE_JSON: + { + char json_filename[MAX_FILEPATH_LEN]={0}; + MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_filename, sizeof(json_filename),""); + maat_options_set_json_file(opts, (const char *)json_filename); + } + break; + case MAAT_MODE_REDIS: + { + int redis_index=0; + char redis_ip[16]={0}; + char redis_port_range[256]={0}; + MESA_load_profile_string_def(conffile,module,"REDIS_IP", redis_ip, sizeof(redis_ip),""); + MESA_load_profile_int_def(conffile, module,"REDIS_INDEX", &redis_index, 0); + MESA_load_profile_string_def(conffile,module,"REDIS_PORT", redis_port_range, sizeof(redis_port_range), "6379;"); + unsigned short redis_port=get_redis_port(redis_port_range); + maat_options_set_redis(opts, redis_ip, redis_port, redis_index); + } + break; + default: + break; } - return _maat_feather; + return maat_new(opts, table_info); } -int tsg_rule_init(const char* conffile, void *logger) +int tsg_maat_rule_init(const char* conffile) { - int i=0,ret=0; int log_level=30; char log_path[128]={0}; char maat_conffile[256]={0}; - - MESA_load_profile_int_def(conffile, "MAAT","APP_ID_TABLE_TYPE", &g_tsg_para.app_dict_field_num, 18); - MESA_load_profile_int_def(conffile, "MAAT","LOCATION_TABLE_TYPE", &g_tsg_para.location_field_num, 18); - MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf"); - MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE"); - MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR"); - MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST"); - MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL"); - MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI"); - MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI"); - - MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN"); - MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN"); - MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION"); - MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_para.table_name[TABLE_DST_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION"); - - MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN"); - MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED"); - MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN"); - MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED"); - - MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI"); - - MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT"); - MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN"); - MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED"); - - MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], MAX_TABLE_NAME_LEN, "APP_ID_DICT"); - MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES"); - - MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN"); - MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI"); - MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); - - MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES"); - MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS"); - MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR"); - - MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI"); - - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL"); - - MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG"); - MESA_load_profile_string_def(conffile, "MAAT", "SESSION_RECORD_TABLE", g_tsg_para.table_name[TABLE_SESSION_LOG], MAX_TABLE_NAME_LEN, "T_VSYS_INFO"); + memset(&g_tsg_maat_rt_para, 0, sizeof(struct maat_runtime_para)); MESA_load_profile_int_def(conffile, "MAAT","LOG_LEVEL", &log_level, 30); - MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/maat/tsg_maat.log"); - g_tsg_para.maat_logger=MESA_create_runtime_log_handle(log_path, log_level); - if(g_tsg_para.maat_logger==NULL) + MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./log/tsg_maat.log"); + g_tsg_maat_rt_para.logger=MESA_create_runtime_log_handle(log_path, log_level); + if(g_tsg_maat_rt_para.logger==NULL) { printf("MESA_create_runtime_log_handle failed ...\n"); return -1; } - //init static maat feather - g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", g_tsg_para.maat_logger); + MESA_load_profile_int_def(conffile, "MAAT","SESSION_RECORD_SWITCH", &g_tsg_maat_rt_para.session_record_switch, 0); + + MESA_load_profile_int_def(conffile, "MAAT","LOCATION_TABLE_TYPE", &g_tsg_maat_rt_para.location_field_num, 18); + MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf"); + g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"STATIC", (char *)"STATIC"); if(g_tsg_maat_feather==NULL) { - MESA_handle_runtime_log(g_tsg_para.maat_logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_STATIC", "STATIC"); return -1; } - g_tsg_para.table_id[TABLE_SECURITY_COMPILE]=Maat_rule_get_ex_new_index(g_tsg_maat_feather, - g_tsg_para.table_name[TABLE_SECURITY_COMPILE], - security_compile_new, - security_compile_free, - security_compile_dup, - 0, - g_tsg_para.maat_logger - ); - - if(g_tsg_para.table_id[TABLE_SECURITY_COMPILE]<0) - { - - MESA_handle_runtime_log(g_tsg_para.maat_logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Register table: %s failed ...", g_tsg_para.table_name[TABLE_SECURITY_COMPILE]); - return -1; - } - - for(i=TABLE_IP_ADDR; icategory_id - y->category_id); +} + +static int get_fqdn_category_id(struct maat *feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num) { struct fqdn_category *ex_data_array[8]={0}; - int ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8); + int ret=maat_fqdn_plugin_table_get_ex_data(feather, table_id, fqdn, (void **)ex_data_array, 8); if(ret>0) { int cnt=0; @@ -2252,7 +2054,7 @@ static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char } } - fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger); + ex_data_fqdn_category_id_free(table_id, (void **)&(ex_data_array[i]), 0, NULL); } return cnt; @@ -2261,190 +2063,8 @@ static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char return 0; } -int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq) +int ip_int2string(const struct streaminfo *a_stream, char *s_ip, size_t s_ip_len, char *d_ip, size_t d_ip_len) { - struct policy_priority_label *priority_label=NULL; - - priority_label=(struct policy_priority_label *)stream_bridge_async_data_get((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(priority_label==NULL) - { - priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); - memset(priority_label, 0, sizeof(struct policy_priority_label)); - } - - - priority_label->proto=proto; - priority_label->security_result_num=1; - priority_label->result_type=result_type; - memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t)); - - int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - if(ret<0) - { - free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT_ADD", - "Add policy_priority_label failed, policy, policy_id: %d action: %d addr: %s", - priority_label->security_result[0].config_id, - (unsigned char)priority_label->security_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return -1; - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "COPY_RESULT", - "Hit policy, policy_id: %d action: %d addr: %s", - priority_label->security_result[0].config_id, - (unsigned char)priority_label->security_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return 0; -} - -int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num) -{ - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - if(shaping_label!=NULL && result!=NULL && result_num>0) - { - int num=MIN(shaping_label->shaping_result_num, result_num); - memcpy(result, shaping_label->shaping_result, num*sizeof(Maat_rule_t)); - return num; - } - - return 0; -} - -int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info) -{ - struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL) - { - if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT)) - { - int num=MIN(label->security_result_num, result_num); - memcpy(result, label->security_result, num*sizeof(Maat_rule_t)); - - if(label->domain_len>0) - { - memcpy(identify_info->domain, label->domain, label->domain_len); - identify_info->domain_len=label->domain_len; - } - - identify_info->proto = label->proto; - - return num; - } - } - - return 0; -} - -char *tsg_pull_quic_ua(struct streaminfo *a_stream) -{ - struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(label!=NULL) - { - return label->quic_ua; - } - - return NULL; -} - -char *tsg_pull_http_url(struct streaminfo *a_stream) -{ - struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(label!=NULL) - { - return label->http_url; - } - - return NULL; -} - -int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn) -{ - struct ip_address dest_ip={0}, source_ip={0}; - - switch(a_stream->addr.addrtype) - { - case ADDR_TYPE_IPV4: - source_ip.ip_type=4; - source_ip.ipv4=a_stream->addr.tuple4_v4->saddr; - - dest_ip.ip_type=4; - dest_ip.ipv4=a_stream->addr.tuple4_v4->daddr; - break; - case ADDR_TYPE_IPV6: - source_ip.ip_type=6; - memcpy((char *)(source_ip.ipv6), a_stream->addr.tuple4_v6->saddr, IPV6_ADDR_LEN); - - dest_ip.ip_type=6; - memcpy((char *)(dest_ip.ipv6), a_stream->addr.tuple4_v6->daddr, IPV6_ADDR_LEN); - break; - default: - return 0; - break; - } - - if(*client_asn==NULL) - { - Maat_ip_plugin_get_EX_data(g_tsg_maat_feather, table_id, &source_ip, client_asn, 1); - } - - if(*server_asn==NULL) - { - Maat_ip_plugin_get_EX_data(g_tsg_maat_feather, table_id, &dest_ip, server_asn, 1); - } - - return 0; -} - - -int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location) -{ - struct ip_address dest_ip={0}, source_ip={0}; - - switch(a_stream->addr.addrtype) - { - case ADDR_TYPE_IPV4: - source_ip.ip_type=4; - source_ip.ipv4=a_stream->addr.tuple4_v4->saddr; - - dest_ip.ip_type=4; - dest_ip.ipv4=a_stream->addr.tuple4_v4->daddr; - break; - case ADDR_TYPE_IPV6: - source_ip.ip_type=6; - memcpy((char *)(source_ip.ipv6), a_stream->addr.tuple4_v6->saddr, IPV6_ADDR_LEN); - - dest_ip.ip_type=6; - memcpy((char *)(dest_ip.ipv6), a_stream->addr.tuple4_v6->daddr, IPV6_ADDR_LEN); - break; - default: - return 0; - break; - } - - if(*client_location==NULL) - { - Maat_ip_plugin_get_EX_data(g_tsg_maat_feather, table_id, &source_ip, client_location, 1); - } - if(*server_location==NULL) - { - Maat_ip_plugin_get_EX_data(g_tsg_maat_feather, table_id, &dest_ip, server_location, 1); - } - - return 0; -} - -int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id) -{ - char source_ip[MAX_IPV6_ADDR_LEN]={0}; - char dest_ip[MAX_IPV6_ADDR_LEN]={0}; struct stream_tuple4_v4 *v4=NULL; struct stream_tuple4_v6 *v6=NULL; @@ -2452,83 +2072,330 @@ int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_ { case ADDR_TYPE_IPV4: v4=a_stream->addr.tuple4_v4; - inet_ntop(AF_INET, &(v4->saddr), source_ip, MAX_IPV6_ADDR_LEN); - inet_ntop(AF_INET, &(v4->daddr), dest_ip, MAX_IPV6_ADDR_LEN); + inet_ntop(AF_INET, &(v4->saddr), s_ip, s_ip_len); + inet_ntop(AF_INET, &(v4->daddr), d_ip, d_ip_len); break; case ADDR_TYPE_IPV6: v6=a_stream->addr.tuple4_v6; - inet_ntop(AF_INET6, v6->saddr, source_ip, MAX_IPV6_ADDR_LEN); - inet_ntop(AF_INET6, v6->daddr, dest_ip, MAX_IPV6_ADDR_LEN); + inet_ntop(AF_INET6, v6->saddr, s_ip, s_ip_len); + inet_ntop(AF_INET6, v6->daddr, d_ip, d_ip_len); break; default: + return 0; break; } + return 1; +} + +int ip_address_convert(const struct streaminfo *a_stream, struct ip_addr *s_ip, struct ip_addr *d_ip) +{ + switch(a_stream->addr.addrtype) + { + case ADDR_TYPE_IPV4: + s_ip->ip_type=4; + s_ip->ipv4=a_stream->addr.tuple4_v4->saddr; + + d_ip->ip_type=4; + d_ip->ipv4=a_stream->addr.tuple4_v4->daddr; + break; + case ADDR_TYPE_IPV6: + s_ip->ip_type=6; + memcpy((char *)(s_ip->ipv6), a_stream->addr.tuple4_v6->saddr, IPV6_ADDR_LEN); + + d_ip->ip_type=6; + memcpy((char *)(d_ip->ipv6), a_stream->addr.tuple4_v6->daddr, IPV6_ADDR_LEN); + break; + default: + return 0; + break; + } + + return 1; +} + +int srt_attribute_set_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info **client_asn, struct asn_info **server_asn) +{ + struct ip_addr dest_ip={0}, source_ip={0}; + ip_address_convert(a_stream, &source_ip, &dest_ip); + + if(*client_asn==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_ASN_USER_DEFINED].id, &source_ip, (void **)client_asn, 1); + } + + if(*client_asn==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_ASN_BUILT_IN].id, &source_ip, (void **)client_asn, 1); + } + + if(*server_asn==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_ASN_USER_DEFINED].id, &dest_ip, (void **)server_asn, 1); + } + + if(*server_asn==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_ASN_BUILT_IN].id, &dest_ip, (void **)server_asn, 1); + } + + return 1; +} + +int srt_attribute_set_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info **client_location, struct location_info **server_location) +{ + struct ip_addr dest_ip={0}, source_ip={0}; + ip_address_convert(a_stream, &source_ip, &dest_ip); + + if(*client_location==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_USER_DEFINED].id, &source_ip, (void **)client_location, 1); + } + + if(*client_location==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &source_ip, (void **)client_location, 1); + } + + if(*server_location==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_USER_DEFINED].id, &dest_ip, (void **)server_location, 1); + } + + if(*server_location==NULL) + { + maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &dest_ip, (void **)server_location, 1); + } + + return 1; +} + +int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id) +{ + char source_ip[MAX_IPV6_ADDR_LEN]={0}; + char dest_ip[MAX_IPV6_ADDR_LEN]={0}; + + int ret=ip_int2string(a_stream, source_ip, MAX_IPV6_ADDR_LEN, dest_ip, MAX_IPV6_ADDR_LEN); + if(ret==0) + { + return 0; + } + if(strlen(dest_ip)>0 && *dest_subscribe_id==NULL) { - *dest_subscribe_id = (struct subscribe_id_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_table_id[DYN_TABLE_SUBSCRIBER_IP], dest_ip); + *dest_subscribe_id=(struct subscribe_id_info *)maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SUBSCRIBER_IP2ID].id, dest_ip); } if(strlen(source_ip)>0 && *source_subscribe_id==NULL) { - *source_subscribe_id = (struct subscribe_id_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_table_id[DYN_TABLE_SUBSCRIBER_IP], source_ip); + *source_subscribe_id=(struct subscribe_id_info *)maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SUBSCRIBER_IP2ID].id, source_ip); } return 0; } -int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct asn_info *asn, enum MASTER_STATIC_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) +size_t matche_rules_convert(struct maat *feather,long long *matched_rules, size_t n_matched_rules, struct maat_rule *results, size_t n_results) { - int ret=0; - - if(asn==NULL || asn->asn_id==NULL|| result==NULL || result_num==0) + size_t offset=0; + for(size_t i=0; irule; + ex_data_security_compile_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (void **)&(maat_compile), 0, NULL); } - ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[idx], CHARSET_GBK, asn->asn_id, strlen(asn->asn_id), result, NULL, result_num, mid, a_stream->threadnum); - if(ret > 0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP_ASN", - "Hit IP_ASN: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", - asn->asn_id, - ret, - g_tsg_para.table_name[idx], - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); + return offset; +} - return ret; +size_t tsg_scan_integer(const struct streaminfo *a_stream, struct maat *feather, long long s_integer, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + size_t n_matched_rules=0; + long long matched_rules[MAX_RESULT_NUM]; + int is_hited=maat_scan_integer(feather, g_tsg_maat_rt_para.scan_tb[idx].id, s_integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + if(is_hited==MAAT_SCAN_HIT) + { + return matche_rules_convert(feather, matched_rules, n_matched_rules, results, n_results); } - MESA_handle_runtime_log(g_tsg_para.logger, + MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, RLOG_LV_DEBUG, - "SCAN_IP_ASN", - "No hit IP_ASN: %s scan ret: %d table_name: %s addr: %s", - asn->asn_id, - ret, - g_tsg_para.table_name[idx], - PRINTADDR(a_stream, g_tsg_para.level) + "SCAN_INTEGER", + "No hit: %lld: scan ret: %d table_name: %s addr: %s", + s_integer, + is_hited, + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_maat_rt_para.level) ); return 0; } - -int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct location_info *location, enum MASTER_STATIC_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) +size_t tsg_scan_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long long flags, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) { - int ret=0; - char full_address[1024]={0}; + size_t n_matched_rules=0; + long long matched_rules[MAX_RESULT_NUM]; + int is_hited=maat_scan_flag(feather, g_tsg_maat_rt_para.scan_tb[idx].id, flags, matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + if(is_hited==MAAT_SCAN_HIT) + { + return matche_rules_convert(feather, matched_rules, n_matched_rules, results, n_results); + } - if(location==NULL || result==NULL || result_num==0) + MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, + RLOG_LV_DEBUG, + "SCAN_FLAGS", + "No hit: %llu scan ret: %d table_name: %s addr: %s", + flags, + is_hited, + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_maat_rt_para.level) + ); + return 0; +} + +size_t tsg_scan_string(const struct streaminfo *a_stream, struct maat *feather, const char *s_data, size_t s_data_len, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + size_t n_matched_rules=0; + long long matched_rules[MAX_RESULT_NUM]; + int is_hited=maat_scan_string(feather, g_tsg_maat_rt_para.scan_tb[idx].id, s_data, s_data_len, matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + if(is_hited==MAAT_SCAN_HIT) + { + return matche_rules_convert(feather, matched_rules, n_matched_rules, results, n_results); + } + + MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, + RLOG_LV_DEBUG, + "SCAN_STRING", + "No hit: %s len: %lu scan ret: %d table_name: %s addr: %s", + s_data, + s_data_len, + is_hited, + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_maat_rt_para.level) + ); + return 0; +} + +size_t tsg_scan_ipv4_address(const struct streaminfo *a_stream, struct maat *feather, struct ipaddr* p_addr, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *rules, size_t n_rules) +{ + if(p_addr==NULL) { return 0; } - if(g_tsg_para.location_field_num==19) + int is_hited=0; + size_t n_matched_rules=0; + long long matched_rules[MAX_RESULT_NUM]; + switch(idx) + { + case MAAT_SCAN_SRC_IP_ADDR: + is_hited=maat_scan_ipv4(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v4->saddr, p_addr->v4->source, -1, + matched_rules+n_matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + break; + case MAAT_SCAN_DST_IP_ADDR: + is_hited=maat_scan_ipv4(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v4->daddr, p_addr->v4->dest, -1, + matched_rules+n_matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + break; + default: + return 0; + } + + if(n_matched_rules>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IPV4", + "Hit %s addr: %s return n_rules: %llu", + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_para.level), + n_matched_rules + ); + return matche_rules_convert(feather, matched_rules, n_matched_rules, rules, n_rules); + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IPV4", + "Not hit %s addr: %s Scan return: %d ", + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_para.level), + is_hited + ); + + return 0; +} + +size_t tsg_scan_ipv6_address(const struct streaminfo *a_stream, struct maat *feather, struct ipaddr* p_addr, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *rules, size_t n_rules) +{ + if(p_addr==NULL) + { + return 0; + } + + int is_hited=0; + size_t n_matched_rules=0; + long long matched_rules[MAX_RESULT_NUM]; + switch(idx) + { + case MAAT_SCAN_SRC_IP_ADDR: + is_hited=maat_scan_ipv6(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v6->saddr, p_addr->v6->source, -1, + matched_rules+n_matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + break; + case MAAT_SCAN_DST_IP_ADDR: + is_hited=maat_scan_ipv6(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v6->daddr, p_addr->v6->dest, -1, + matched_rules+n_matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + break; + default: + return 0; + } + + if(n_matched_rules>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IPV6", + "Hit %s addr: %s return n_rules: %llu", + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_para.level), + n_matched_rules + ); + return matche_rules_convert(feather, matched_rules, n_matched_rules, rules, n_rules); + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IPV6", + "Not hit %s addr: %s Scan return: %d ", + g_tsg_maat_rt_para.scan_tb[idx].name, + PRINTADDR(a_stream, g_tsg_para.level), + is_hited + ); + + return 0; +} + +size_t tsg_scan_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info *asn, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_result) +{ + if(asn==NULL || asn->asn_id==NULL|| results==NULL || n_result==0) + { + return 0; + } + + return tsg_scan_string(a_stream, feather, asn->asn_id, strlen(asn->asn_id), idx, s_mid, results, n_result); +} + +size_t tsg_scan_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info *location, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + char full_address[1024]={0}; + if(location==NULL || results==NULL || n_results==0) + { + return 0; + } + + if(g_tsg_maat_rt_para.location_field_num==19) { snprintf(full_address, sizeof(full_address), @@ -2542,65 +2409,57 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a { snprintf(full_address, sizeof(full_address), "%s.%s.", location->country_full, location->city_full); } - - ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[idx], CHARSET_GBK, full_address, strlen(full_address), result, NULL, result_num, mid, a_stream->threadnum); - if(ret > 0) + + return tsg_scan_string(a_stream, feather, full_address, strlen(full_address), idx, s_mid, results, n_results); +} + +int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq) +{ + if(domain==NULL) { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP_LOCATION", - "Hit IP_LOCATION: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", - full_address, - ret, - g_tsg_para.table_name[idx], - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return ret; + return 0; } + struct maat_state *s_mid=maat_state_new(g_tsg_maat_feather, thread_seq); + struct maat_rule tmp_result; + size_t ret=tsg_scan_string(a_stream, g_tsg_maat_feather, domain, strlen(domain), MAAT_SCAN_EXCLUSION_SSL_SNI, s_mid, &tmp_result, 1); + maat_state_free(s_mid); + s_mid=NULL; + + if(ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "EXCLUSION_SSL_SNI", + "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s", + domain, + tmp_result.rule_id, + tmp_result.service_id, + (unsigned char)tmp_result.action, + p_result->rule_id, + p_result->service_id, + (unsigned char)p_result->action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return 1; + } + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, - "SCAN_IP_LOCATION", - "No hit IP_LOCATION: %s scan ret: %d table_name: %s addr: %s", - full_address, - ret, - g_tsg_para.table_name[idx], - PRINTADDR(a_stream, g_tsg_para.level) + "EXCLUSION_SSL_SNI", + "Not hit %s stream_dir: %d addr: %s scan ret: %d", + domain, + a_stream->dir, + PRINTADDR(a_stream, g_tsg_para.level), + ret ); + return 0; } - -static unsigned short get_trans_protocol(const struct streaminfo *a_stream) -{ - if(a_stream==NULL) - { - return 255; - } - - switch(a_stream->type) - { - case STREAM_TYPE_TCP: - return 6; - break; - case STREAM_TYPE_UDP: - return 17; - break; - default: - break; - } - - return 255; -} - -#define TUNNEL_BOOL_ID_MAX 128 -#define TUNNEL_CATALOG_MAX 128 - -static int get_one_endpoint_ids(const struct streaminfo *a_stream, int table_id, struct ip_address *ip, struct tunnel_endpoint **endpoint, unsigned long long *id_array, int id_array_num) +static int get_one_endpoint_ids(const struct streaminfo *a_stream, struct maat *feather, struct ip_addr *ip, struct tunnel_endpoint **endpoint, long long *id_array, int id_array_num) { int i=0,ret=0,offset=0,free_flag=0; struct tunnel_endpoint *all_endpoint[TUNNEL_BOOL_ID_MAX]; @@ -2609,13 +2468,13 @@ static int get_one_endpoint_ids(const struct streaminfo *a_stream, int table_id, { return 0; } - - ret=Maat_ip_plugin_get_EX_data(g_tsg_maat_feather, table_id, ip, (MAAT_PLUGIN_EX_DATA *)all_endpoint, TUNNEL_BOOL_ID_MAX); + + ret=maat_ip_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (const struct ip_addr *)ip, (void **)all_endpoint, TUNNEL_BOOL_ID_MAX); for(i=0; i=id_array_num) { - tunnel_endpoint_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(all_endpoint[i]), 0, NULL); + ex_data_tunnel_endpoint_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (void **)&(all_endpoint[i]), 0, NULL); continue; } @@ -2625,7 +2484,7 @@ static int get_one_endpoint_ids(const struct streaminfo *a_stream, int table_id, } else if((*endpoint)->id < all_endpoint[i]->id) { - tunnel_endpoint_free(table_id, (MAAT_PLUGIN_EX_DATA *)endpoint, 0, NULL); + ex_data_tunnel_endpoint_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (void **)endpoint, 0, NULL); *endpoint=all_endpoint[i]; } else @@ -2634,65 +2493,40 @@ static int get_one_endpoint_ids(const struct streaminfo *a_stream, int table_id, } id_array[offset++]=all_endpoint[i]->id; - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "endpoint", "addr: %s Get endpoint id: %d", PRINTADDR(a_stream, g_tsg_para.level), all_endpoint[i]->id); + MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, RLOG_LV_DEBUG, "endpoint", "addr: %s Get endpoint id: %d", PRINTADDR(a_stream, g_tsg_maat_rt_para.level), all_endpoint[i]->id); if(free_flag==1) { free_flag=0; - tunnel_endpoint_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(all_endpoint[i]), 0, NULL); + ex_data_tunnel_endpoint_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (void **)&(all_endpoint[i]), 0, NULL); } } return offset; } -int tsg_get_endpoint_id(const struct streaminfo *a_stream, int table_id, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint, unsigned long long *endpoint_id_array, int endpoint_id_array_num) +int tsg_get_endpoint_id(const struct streaminfo *a_stream, struct maat *feather, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint, long long *endpoint_id_array, int endpoint_id_array_num) { int offset=0; - struct ip_address dest_ip={0}, source_ip={0}; - - switch(a_stream->addr.addrtype) - { - case ADDR_TYPE_IPV4: - source_ip.ip_type=4; - source_ip.ipv4=a_stream->addr.tuple4_v4->saddr; - - dest_ip.ip_type=4; - dest_ip.ipv4=a_stream->addr.tuple4_v4->daddr; - break; - case ADDR_TYPE_IPV6: - source_ip.ip_type=6; - memcpy((char *)(source_ip.ipv6), a_stream->addr.tuple4_v6->saddr, IPV6_ADDR_LEN); - - dest_ip.ip_type=6; - memcpy((char *)(dest_ip.ipv6), a_stream->addr.tuple4_v6->daddr, IPV6_ADDR_LEN); - break; - default: - return 0; - break; - } - - offset+=get_one_endpoint_ids(a_stream, table_id, &source_ip, client_endpoint, endpoint_id_array+offset, endpoint_id_array_num-offset); - offset+=get_one_endpoint_ids(a_stream, table_id, &dest_ip, server_endpoint, endpoint_id_array+offset, endpoint_id_array_num-offset); + struct ip_addr dest_ip={0}, source_ip={0}; + ip_address_convert(a_stream, &source_ip, &dest_ip); + offset+=get_one_endpoint_ids(a_stream, feather, &source_ip, client_endpoint, endpoint_id_array+offset, endpoint_id_array_num-offset); + offset+=get_one_endpoint_ids(a_stream, feather, &dest_ip, server_endpoint, endpoint_id_array+offset, endpoint_id_array_num-offset); return offset; } -int tsg_get_vlan_label_id(struct single_layer_vlan_addr *vlan_array, int vlan_array_num, unsigned long long *label_id_array, int label_id_array_num) +int tsg_get_vlan_label_id(struct maat *feather, struct single_layer_vlan_addr *vlan_array, int vlan_array_num, long long *label_id_array, int label_id_array_num) { - int i=0,idx=0; - char label[32]={0}; - MAAT_PLUGIN_EX_DATA label_id=NULL; - if(vlan_array_num<=0 || label_id_array_num<=0 || vlan_array==NULL || label_id_array==NULL) { return 0; } - for(i=0; iid, result+hit_num, result_num-hit_num, mid, thread_seq); - if(maat_ret>0) - { - hit_num+=maat_ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_TUNNEL_ID", "Scan tunnel name: %s id: %d, ret: %d", t_catalog[i]->name, t_catalog[i]->id, maat_ret); - tunnel_catalog_free(g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], (MAAT_PLUGIN_EX_DATA *)&(t_catalog[i]), 0, NULL); + hit_num+=tsg_scan_integer(a_stream, feather, (long long)t_catalog[i]->id, MAAT_SCAN_TUNNEL_ID, s_mid, results+hit_num, n_results-hit_num); + ex_data_tunnel_catalog_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_CATALOG].id, (void **)&(t_catalog[i]), 0, NULL); } return hit_num; } -int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, struct Maat_rule_t *result, int result_num) +size_t tsg_scan_subscribe_id_policy(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info *user_info, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) { - int ret=0,hit_num=0; + if(user_info==NULL || user_info->subscribe_id==NULL || results==NULL || n_results==0) + { + return 0; + } + + return tsg_scan_string(a_stream, feather, user_info->subscribe_id, strlen(user_info->subscribe_id), MAAT_SCAN_SUBSCRIBER_ID, s_mid, results, n_results); +} + +size_t tsg_scan_gtp_apn_policy(const struct streaminfo *a_stream, struct maat *feather, char *apn, struct maat_state *s_mid,struct maat_rule *results, size_t n_results) +{ + if(apn==NULL || results==NULL || n_results==0) + { + return 0; + } + + return tsg_scan_string(a_stream, feather, apn, strlen(apn), MAAT_SCAN_GTP_APN, s_mid, results, n_results); +} + +size_t tsg_scan_gtp_imsi_policy(const struct streaminfo *a_stream, struct maat *feather, char *imsi, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + if(imsi==NULL || results==NULL || n_results==0) + { + return 0; + } + + return tsg_scan_string(a_stream, feather, imsi, strlen(imsi), MAAT_SCAN_GTP_IMSI, s_mid, results, n_results); +} + +size_t tsg_scan_gtp_phone_number_policy(const struct streaminfo *a_stream, struct maat *feather, char *phone_number, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + if(phone_number==NULL || results==NULL || n_results==0) + { + return 0; + } + + return tsg_scan_string(a_stream, feather, phone_number, strlen(phone_number), MAAT_SCAN_GTP_PHONE_NUMBER, s_mid, results, n_results); +} + +//return value: -1: failed, 0: not hit, >0: hit count +size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + if(domain==NULL) + { + return 0; + } + + int fqdn_len=get_fqdn_len(domain); + if(fqdn_len==0) + { + return 0; + } + + return tsg_scan_string(a_stream, feather, domain, fqdn_len, (enum MAAT_SCAN_TB)idx, s_mid, results, n_results); +} + +size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + return tsg_scan_flags(a_stream, feather, flag, MAAT_SCAN_SESSION_FLAGS, s_mid, results, n_results); +} + +struct maat_rule *tsg_select_deny_rule(struct maat_rule *rules, size_t n_rules) +{ + struct maat_rule *p_result=NULL; + + for(size_t i=0; i< n_rules; i++) + { + if(rules[i].action==TSG_ACTION_DENY || rules[i].action==TSG_ACTION_BYPASS) + { + if(p_result==NULL) + { + p_result=&rules[i]; + continue; + } + + if(rules[i].action > p_result->action) + { + p_result=&rules[i]; + continue; + } + + if((rules[i].action==p_result->action) && (rules[i].rule_id > p_result->rule_id)) + { + p_result=&rules[i]; + } + } + } + + return p_result; +} + +int tsg_get_fqdn_category_ids(struct maat *feather, char *fqdn, unsigned int *category_ids, int n_category_ids) +{ + if(category_ids!=NULL && n_category_ids>0) + { + int ret=get_fqdn_category_id(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_FQDN_CAT_USER_DEFINED].id, fqdn, category_ids, n_category_ids); + if(ret>0) + { + return ret; + } + + ret=get_fqdn_category_id(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_FQDN_CAT_BUILT_IN].id, fqdn, category_ids, n_category_ids); + if(ret>0) + { + return ret; + } + } + + return 0; +} + +size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, unsigned int *category_ids, int n_category_ids, int table_idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +{ + if(n_results==0 || category_ids==NULL || n_category_ids<=0 || table_idx<0) + { + return 0; + } + + size_t hit_num=0; + + for(int i=0; ithreadnum, sizeof(struct session_attribute_label)); - memset(attribute_label, 0, sizeof(struct session_attribute_label)); - } + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + srt_attribute_set_ip_asn(a_stream, feather, &(srt_attribute->client_asn), &(srt_attribute->server_asn)); + srt_attribute_set_ip_location(a_stream, feather, &(srt_attribute->client_location), &(srt_attribute->server_location)); do { switch(cur_stream->addr.addrtype) { case ADDR_TYPE_IPV4: - case ADDR_TYPE_IPV6: case __ADDR_TYPE_IP_PAIR_V4: - case __ADDR_TYPE_IP_PAIR_V6: - if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4 || - cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V6) + if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4) { memcpy(&t_addr, &cur_stream->addr, sizeof(t_addr)); - if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4) - { - t_addr.addrtype = ADDR_TYPE_IPV4; - } - else - { - t_addr.addrtype = ADDR_TYPE_IPV6; - } + t_addr.addrtype = ADDR_TYPE_IPV4; + p_addr=&t_addr; + } + else + { + p_addr=(struct ipaddr *)&cur_stream->addr; + } + hit_num+=tsg_scan_ipv4_address(cur_stream, feather,p_addr, MAAT_SCAN_SRC_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_ipv4_address(cur_stream, feather,p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); + break; + case ADDR_TYPE_IPV6: + case __ADDR_TYPE_IP_PAIR_V6: + if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V6) + { + memcpy(&t_addr, &cur_stream->addr, sizeof(t_addr)); + t_addr.addrtype = ADDR_TYPE_IPV6; p_addr=&t_addr; } else @@ -2781,50 +2762,26 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * p_addr=(struct ipaddr *)&cur_stream->addr; } - if(p_addr==NULL) - { - break; - } - - tans_proto=get_trans_protocol(cur_stream); - ret=Maat_scan_proto_addr(maat_feather, g_tsg_para.table_id[TABLE_IP_ADDR], p_addr, tans_proto, result+hit_num, result_num-hit_num, mid, (int)cur_stream->threadnum); - if(ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP", - "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", - PRINTADDR(cur_stream, g_tsg_para.level), - ret, - result[hit_num].config_id, - result[hit_num].service_id, - (unsigned char)result[hit_num].action - ); - - hit_num+=ret; - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", PRINTADDR(a_stream, g_tsg_para.level), ret); - } + hit_num+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_SRC_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); break; case ADDR_TYPE_L2TP: - proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_L2TP].name); - hit_num+=tsg_scan_app_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, g_tsg_proto_name2id[PROTO_L2TP].name, proto_id, (int)a_stream->threadnum); + proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_L2TP].name); + hit_num+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, results+hit_num, n_results-hit_num); break; case ADDR_TYPE_PPTP: proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_PPTP].name); - hit_num+=tsg_scan_app_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, g_tsg_proto_name2id[PROTO_PPTP].name, proto_id, (int)a_stream->threadnum); + hit_num+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, results+hit_num, n_results-hit_num); break; case ADDR_TYPE_VLAN: - bool_id_array_idx+=tsg_get_vlan_label_id(cur_stream->addr.vlan->c2s_addr_array, cur_stream->addr.vlan->c2s_layer_num, bool_id_array+bool_id_array_idx, TUNNEL_BOOL_ID_MAX-bool_id_array_idx); - bool_id_array_idx+=tsg_get_vlan_label_id(cur_stream->addr.vlan->s2c_addr_array, cur_stream->addr.vlan->s2c_layer_num, bool_id_array+bool_id_array_idx, TUNNEL_BOOL_ID_MAX-bool_id_array_idx); + bool_id_array_idx+=tsg_get_vlan_label_id(feather, cur_stream->addr.vlan->c2s_addr_array, cur_stream->addr.vlan->c2s_layer_num, bool_id_array+bool_id_array_idx, TUNNEL_BOOL_ID_MAX-bool_id_array_idx); + bool_id_array_idx+=tsg_get_vlan_label_id(feather, cur_stream->addr.vlan->s2c_addr_array, cur_stream->addr.vlan->s2c_layer_num, bool_id_array+bool_id_array_idx, TUNNEL_BOOL_ID_MAX-bool_id_array_idx); break; case ADDR_TYPE_GPRS_TUNNEL: - bool_id_array_idx+=tsg_get_endpoint_id(cur_stream->pfather, - g_tsg_para.table_id[TABLE_TUNNEL_ENDPOINT], - &(attribute_label->client_endpoint), - &(attribute_label->server_endpoint), + bool_id_array_idx+=tsg_get_endpoint_id(cur_stream->pfather, + feather, + &(srt_attribute->client_endpoint), + &(srt_attribute->server_endpoint), bool_id_array+bool_id_array_idx, TUNNEL_BOOL_ID_MAX-bool_id_array_idx ); @@ -2836,455 +2793,72 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * } cur_stream=cur_stream->pfather; - }while(cur_stream!=NULL && hit_numthreadnum); + hit_num+=tsg_scan_tunnel_id(a_stream, feather, results+hit_num, n_results-hit_num, s_mid, bool_id_array, bool_id_array_idx); } - if(hit_numPROTO_UNKONWN && protoPROTO_UNKONWN && protothreadnum); + hit_num+=tsg_scan_integer(a_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, results+hit_num, n_results-hit_num); if(proto==PROTO_SMTP || proto==PROTO_IMAP || proto==PROTO_POP3) { proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_MAIL].name); - hit_num+=tsg_scan_app_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, g_tsg_proto_name2id[PROTO_MAIL].name, proto_id, (int)a_stream->threadnum); + hit_num+=tsg_scan_integer(a_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, results+hit_num, n_results-hit_num); } } - if(hit_numclient_location), (void **)&(attribute_label->server_location)); - tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); - - hit_num+=tsg_scan_ip_location(maat_feather, a_stream, attribute_label->client_location, TABLE_SRC_LOCATION, mid, result+hit_num, result_num-hit_num); - hit_num+=tsg_scan_ip_location(maat_feather, a_stream, attribute_label->server_location, TABLE_DST_LOCATION, mid, result+hit_num, result_num-hit_num); + hit_num+=tsg_scan_ip_location(a_stream, feather,srt_attribute->client_location, MAAT_SCAN_SRC_LOCATION, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_ip_location(a_stream, feather, srt_attribute->server_location, MAAT_SCAN_DST_LOCATION, s_mid, results+hit_num, n_results-hit_num); } - if(hit_numclient_asn), (void **)&(attribute_label->server_asn)); - tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); - - hit_num+=tsg_scan_ip_asn(maat_feather, a_stream, attribute_label->client_asn, TABLE_SRC_ASN, mid, result+hit_num, result_num-hit_num); - hit_num+=tsg_scan_ip_asn(maat_feather, a_stream, attribute_label->server_asn, TABLE_DST_ASN, mid, result+hit_num, result_num-hit_num); + hit_num+=tsg_scan_ip_asn(a_stream, feather, srt_attribute->client_asn, MAAT_SCAN_SRC_ASN, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_ip_asn(a_stream, feather, srt_attribute->server_asn, MAAT_SCAN_DST_ASN, s_mid, results+hit_num, n_results-hit_num); } - if(hit_numclient_subscribe_id, &attribute_label->server_subscribe_id); - hit_num+=tsg_scan_subscribe_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->client_subscribe_id, (int)a_stream->threadnum); - hit_num+=tsg_scan_subscribe_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->server_subscribe_id, (int)a_stream->threadnum); + srt_attribute_set_subscriber_id(a_stream, feather, &srt_attribute->client_subscribe_id, &srt_attribute->server_subscribe_id); + hit_num+=tsg_scan_subscribe_id_policy(a_stream, feather, srt_attribute->client_subscribe_id, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_subscribe_id_policy(a_stream, feather, srt_attribute->server_subscribe_id, s_mid, results+hit_num, n_results-hit_num); } - if(hit_numuser_info)); - if(ret==1 && attribute_label->user_info!=NULL) + int ret=session_runtine_attribute_get_umts_user_info(a_stream, &(srt_attribute->user_info)); + if(ret==1 && srt_attribute->user_info!=NULL) { - hit_num+=tsg_scan_gtp_apn_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->apn, (int)a_stream->threadnum); - hit_num+=tsg_scan_gtp_imsi_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->imsi, (int)a_stream->threadnum); - hit_num+=tsg_scan_gtp_phone_number_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->msisdn, (int)a_stream->threadnum); - } - } - - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (void *)attribute_label); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "ADD_INTERNAL_LABEL", "Add internal label failed, ret: %d addr: %s", ret, PRINTADDR(a_stream, g_tsg_para.level)); - } - - return hit_num; -} - - -//return value: -1: failed, 0: not hit, >0: hit count -int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq) -{ - if(table_id<0 || domain==NULL) - { - return 0; - } - - int fqdn_len=get_fqdn_len(domain); - if(fqdn_len==0) - { - return 0; - } - - int ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq); - if(ret>0) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FQDN", - "Hit %s policy_id: %d service: %d action: %d addr: %s", - domain, - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_FQDN", "Not hit %s ret: %d stream_dir: %d addr: %s", domain, ret, a_stream->dir, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned long flag, int thread_seq) -{ - int ret=Maat_scan_flag(maat_feather, table_id, flag, result, result_num, mid, thread_seq); - if(ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FLAGS", - "Hit flag=%llu policy_id: %d service: %d action: %d addr: %s", - flag, - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_FLAG", "Not hit flag=%llu ret: %d stream_dir: %d addr: %s", flag, ret, a_stream->dir, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num) -{ - int i=0; - Maat_rule_t *p_result=NULL; - - for(i=0; i< result_num; i++) - { - if(result[i].action==TSG_ACTION_DENY || result[i].action==TSG_ACTION_BYPASS) - { - if(p_result==NULL) - { - p_result=&result[i]; - continue; - } - - if(result[i].action > p_result->action) - { - p_result=&result[i]; - continue; - } - - if((result[i].action==p_result->action) && (result[i].config_id > p_result->config_id)) - { - p_result=&result[i]; - } - } - } - - return p_result; -} - -int tsg_get_method_id(char *method) -{ - for(int i=0; i0) - { - int ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq); - if(ret>0) - { - return ret; - } - - ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_BUILT_IN], fqdn, category_id, category_id_num, logger, thread_seq); - if(ret>0) - { - return ret; - } - } - - return 0; -} - -int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq) -{ - if(table_id<0 || result_num<=0 || category_id==NULL || category_id_num <=0) - { - return 0; - } - - int hit_num=0; - - for(int i=0; i0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FQDN_CAT", - "Hit category_id: %d policy_id: %d service: %d action: %d addr: %s", - category_id[i], - result[hit_num].config_id, - result[hit_num].service_id, - (unsigned char)result[hit_num].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - hit_num+=ret; - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_FQDN_CAT", "Not hit category_id: %d ret: %d addr: %s", category_id[i], ret, PRINTADDR(a_stream, g_tsg_para.level)); + hit_num+=tsg_scan_gtp_apn_policy(a_stream, feather, srt_attribute->user_info->apn, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_gtp_imsi_policy(a_stream, feather, srt_attribute->user_info->imsi, s_mid, results+hit_num, n_results-hit_num); + hit_num+=tsg_scan_gtp_phone_number_policy(a_stream, feather, srt_attribute->user_info->msisdn, s_mid, results+hit_num, n_results-hit_num); } } return hit_num; } - -int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq) +int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int app_name_len, int is_joint_parent) { - int ret=0; - - ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_APP_ID], id, result, result_num, mid, thread_seq); - if(ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_ID", - "Hit %s id: %d ret: %d policy_id: %d service: %d action: %d addr: %s", - name, - id, - ret, - result[0].config_id, - result[0].service_id, - result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_ID", "scan %s id: %d ret: %d addr: %s", name, id, ret, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq) -{ - int hit_num=0; - struct Maat_rule_t property_result[MAX_RESULT_NUM]={0}; - - if(property!=NULL && district!=NULL) - { - Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, strlen(district)); - int ret=Maat_full_scan_string(g_tsg_maat_feather, - g_tsg_para.table_id[TABLE_SELECTOR_PROPERTIES], - CHARSET_UTF8, - property, - strlen(property), - property_result, - NULL, - MAX_RESULT_NUM, - mid, - thread_seq - ); - for(int i=0; i0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_ID", - "Hit selector_id: %d ret: %d policy_id: %d service: %d action: %d addr: %s", - property_result[i].config_id, - ret2, - result[hit_num].config_id, - result[hit_num].service_id, - result[hit_num].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - hit_num+=ret2; - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_ID","Hit %s selector_id: %d ret: %d addr: %s", - property, property_result[i].config_id, ret2,PRINTADDR(a_stream, g_tsg_para.level)); - } - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_PROPERTY", "scan %s: %s ret: %d addr: %s", district, property, ret, PRINTADDR(a_stream, g_tsg_para.level)); - } - - return hit_num; -} - -int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq) -{ - int maat_ret=0; - - if(user_info==NULL || user_info->subscribe_id==NULL || result==NULL || result_num==0) - { - return 0; - } - - maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_SUBSCRIBER_ID], CHARSET_GBK, user_info->subscribe_id, strlen(user_info->subscribe_id), result, NULL, result_num, mid, thread_seq); - if(maat_ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_SUBSCRIBER", - "Hit source subscribe id: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", - user_info->subscribe_id, - maat_ret, - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return maat_ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_SUBSCRIBER", "No hit source subscribe id: %s scan ret: %d addr: %s", user_info->subscribe_id, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq) -{ - int maat_ret=0; - - if(apn==NULL || result==NULL || result_num==0) - { - return 0; - } - - maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_APN], CHARSET_GBK, apn, strlen(apn), result, NULL, result_num, mid, thread_seq); - if(maat_ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_APN", - "Hit APN: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", - apn, - maat_ret, - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return maat_ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_APN", "No hit APN: %s scan ret: %d addr: %s", apn, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq) -{ - int maat_ret=0; - - if(imsi==NULL || result==NULL || result_num==0) - { - return 0; - } - - maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_IMSI], CHARSET_GBK, imsi, strlen(imsi), result, NULL, result_num, mid, thread_seq); - if(maat_ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IMSI", - "Hit IMSI: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", - imsi, - maat_ret, - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return maat_ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IMSI", "No hit IMSI: %s scan ret: %d addr: %s", imsi, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq) -{ - int maat_ret=0; - - if(phone_number==NULL || result==NULL || result_num==0) - { - return 0; - } - - maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_PHONE_NUMBER], CHARSET_GBK, phone_number, strlen(phone_number), result, NULL, result_num, mid, thread_seq); - if(maat_ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "PHONE_NUMBER", - "Hit PHONE_NUMBER: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", - phone_number, - maat_ret, - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return maat_ret; - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PHONE_NUMBER", "No hit PHONE_NUMBER: %s scan ret: %d addr: %s", phone_number, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); - - return 0; -} - -int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent) -{ - int offset=0; - char app_id_buff[128]={0}; - struct app_id_dict *dict=NULL; - if(app_id<=0 || app_name==NULL || app_name_len<=0) { - return offset; + return 0; } - snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id); - dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + int offset=0; + long long ll_app_id=(long long)app_id; + struct app_id_dict *dict=(struct app_id_dict *)maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&(ll_app_id)); if(dict!=NULL) { if((int)strlen(dict->app_name) > app_name_len) { + ex_data_app_id_dict_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (void **)&dict, 0, NULL); return offset; } @@ -3297,7 +2871,7 @@ int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_p offset=snprintf(app_name, app_name_len, "%s", dict->app_name); } - app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + ex_data_app_id_dict_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (void **)&dict, 0, NULL); return offset; } @@ -3305,204 +2879,203 @@ int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_p return offset; } -int tsg_free_compile_user_region(const struct Maat_rule_t *rule, struct compile_user_region *user_region) +struct maat_compile *matched_rule_cites_security_compile(struct maat *feather, struct maat_rule *result) { - security_compile_free(0, rule, NULL , (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); - - return 0; + return (struct maat_compile *)maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (const char *)&(result->rule_id)); } -struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maat_feather, struct Maat_rule_t *result) +int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *results, size_t n_results, int thread_seq) { - return ((struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE])); -} - -int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq) -{ - int i=0; - char profile_id_str[32]={0}; - struct tsg_notify_data notify_data={0}; - struct compile_user_region *user_region=NULL; + struct maat_compile *maat_compile=NULL; struct traffic_mirror_profile *mirror_profile=NULL; - for(i=0; imethod_type==TSG_METHOD_TYPE_MIRRORED && user_region->mirror!=NULL && user_region->mirror->enabled==1) + + if(maat_compile->user_region==NULL) { - snprintf(profile_id_str, sizeof(profile_id_str), "%d", user_region->mirror->profile_id); - mirror_profile=(struct traffic_mirror_profile *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_PROFILE_MIRROR], profile_id_str); + plugin_ex_data_security_compile_free(maat_compile); + continue; + } + + if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_MIRRORED && maat_compile->user_region->mirror!=NULL && maat_compile->user_region->mirror->enabled==1) + { + mirror_profile=(struct traffic_mirror_profile *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_PROFILE_MIRROR].id, (const char *)&(maat_compile->user_region->mirror->profile_id)); if(mirror_profile!=NULL) { - notify_data.compile_id=result[i].config_id; - notify_data.type=NOTIFY_TYPE_MIRRORED; - notify_data.vlan=&(mirror_profile->vlan); - - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); - mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL); + session_mirror_packets_sync(a_stream, &results[i], &(mirror_profile->vlan)); + ex_data_mirrored_profile_free(0, (void **)&mirror_profile, 0, NULL); } else { - notify_data.compile_id=result[i].config_id; - notify_data.type=NOTIFY_TYPE_MIRRORED; - notify_data.vlan=&(g_tsg_para.default_vlan); - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); + session_mirror_packets_sync(a_stream, &results[i], &(g_tsg_maat_rt_para.default_vlan)); } } - if(user_region->capture.enabled==1) + if(maat_compile->user_region->capture.enabled==1) { - notify_data.compile_id=result[i].config_id; - notify_data.type=NOTIFY_TYPE_CAPTURE; - notify_data.capture_depth=user_region->capture.depth; - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); + session_capture_packets_sync(a_stream, &results[i], maat_compile->user_region->capture.depth); } - tsg_free_compile_user_region(&(result[i]), user_region); - user_region=NULL; + plugin_ex_data_security_compile_free(maat_compile); + maat_compile=NULL; } return 1; } -char *tsg_get_column_string_value(const char* line, int column_seq) +struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, long long teid) { - int ret=0; - size_t offset=0; - size_t length=0; - - ret=get_column_pos(line, column_seq, &offset, &length); - if(ret>=0) - { - return _malloc_field(line+offset, length); - } - - return NULL; + return (struct umts_user_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_GTP_IP2SIGNALING].id, (const char *)&(teid)); } -int tsg_get_column_integer_value(const char* line, int column_seq) +void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id) { - int ret=0; - size_t offset=0; - size_t length=0; + return maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (const char *)&profile_id); +} - ret=get_column_pos(line, column_seq, &offset, &length); - if(ret>=0) +void plugin_ex_data_http_response_pages_free(struct http_response_pages *response_pages) +{ + ex_data_http_response_pages_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (void **)&response_pages, 0, NULL); +} + +void *matched_rule_cites_security_compile(struct maat *feather, long long compile_id) +{ + return maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (const char *)&compile_id); +} + +void plugin_ex_data_security_compile_free(struct maat_compile *maat_compile) +{ + ex_data_security_compile_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (void **)&maat_compile, 0, NULL); +} + +void *matched_rule_cites_app_id_dict(struct maat *feather, long long app_id) +{ + return maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&app_id); +} + +void plugin_ex_data_app_id_dict_free(struct app_id_dict *dict) +{ + ex_data_app_id_dict_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (void **)&dict, 0, NULL); +} + +void *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id) +{ + return maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); +} + +void plugin_ex_data_dns_profile_record_free(struct dns_profile_records *records) +{ + ex_data_app_id_dict_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (void **)&records, 0, NULL); +} + +size_t tsg_matched_rules_select(struct maat *feather, TSG_SERVICE service, long long *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules) +{ + size_t offset=0; + for(size_t i=0; irule.service_id==service && offsetrule; + } + + ex_data_security_compile_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (void **)&(maat_compile), 0, NULL); + } + + return offset; +} + +size_t tm_select_result_by_service_id(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules, enum TSG_SERVICE service_id) +{ + size_t offset=0; + for(size_t i=0; i0) - { - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_CATEGORY_ID, (void *)category_id, category_id_num, thread_seq); - } - - return 0; + return MAAT_SCAN_HTTP_URL; } -int tsg_get_location_type(void) +int tsg_session_record_switch_get(void) { - return g_tsg_para.location_field_num; + return g_tsg_maat_rt_para.session_record_switch; } -struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid) +int tsg_location_type_get(void) { - char teid_str[32]={0}; - snprintf(teid_str, sizeof(teid_str), "%u", teid); - return (struct umts_user_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_table_id[DYN_TABLE_GTP_SIGNALING], (const char *)teid_str); + return g_tsg_maat_rt_para.location_field_num; } -int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *shaping_result, int shaping_result_num) +long long tsg_default_compile_id_get(void) { - if(hited_result==NULL || hited_result_num<=0 || shaping_result==NULL || shaping_result_num<=0) - { - return 0; - } - - int result_cnt=0; - for(int i=0; i=shaping_result_num) - { - break; - } - - memcpy(&(shaping_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t)); - } - - return result_cnt; - + return g_tsg_maat_rt_para.default_compile_id; } -int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num) +char *tsg_data_center_get(void) { - if(hited_result==NULL || hited_result_num<=0 || security_result==NULL || security_result_num<=0) - { - return 0; - } - - int result_cnt=0; - for(int i=0; i=security_result_num) - { - break; - } - - memcpy(&(security_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t)); - } - - return result_cnt; + return g_tsg_maat_rt_para.data_center; } -int tsg_fetch_hited_s_chaining_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num) +char *tsg_device_tag_get(void) { - if(hited_result==NULL || hited_result_num<=0 || s_chaining_result==NULL || s_chaining_result_num<=0) - { - return 0; - } - - int result_cnt=0; - for(int i=0; i=s_chaining_result_num) - { - break; - } - - memcpy(&(s_chaining_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t)); - } - - return result_cnt; + return g_tsg_maat_rt_para.device_tag; } diff --git a/src/tsg_rule_internal.h b/src/tsg_rule_internal.h new file mode 100644 index 0000000..2910e1a --- /dev/null +++ b/src/tsg_rule_internal.h @@ -0,0 +1,177 @@ +#pragma once + +#include + +#include "tsg_rule.h" +#include "tsg_variable.h" + +#ifndef MAX_FILEPATH_LEN +#define MAX_FILEPATH_LEN 128 +#endif + +#ifndef MAX_IPV6_ADDR_LEN +#define MAX_IPV6_ADDR_LEN 128 +#endif + +#ifndef TUNNEL_BOOL_ID_MAX +#define TUNNEL_BOOL_ID_MAX 128 +#endif + +#ifndef TUNNEL_CATALOG_MAX +#define TUNNEL_CATALOG_MAX 128 +#endif + +#ifndef MAX_TABLE_NAME_LEN +#define MAX_TABLE_NAME_LEN 64 +#endif + +enum MAAT_MODE +{ + MAAT_MODE_FILE=0, + MAAT_MODE_JSON, + MAAT_MODE_REDIS, + MAAT_MODE_MAX +}; + +enum MAAT_PLUGIN_TB +{ + MAAT_PLUGIN_SECURITY_COMPILE=0, + MAAT_PLUGIN_ASN_USER_DEFINED, + MAAT_PLUGIN_ASN_BUILT_IN, + MAAT_PLUGIN_LOCATION_USER_DEFINED, + MAAT_PLUGIN_LOCATION_BUILT_IN, + MAAT_PLUGIN_FQDN_CAT_USER_DEFINED, + MAAT_PLUGIN_FQDN_CAT_BUILT_IN, + MAAT_PLUGIN_APP_ID_DICT, + MAAT_PLUGIN_RESPONSE_PAGES, + MAAT_PLUGIN_DNS_PROFILE_RECORD, + MAAT_PLUGIN_PROFILE_MIRROR, + MAAT_PLUGIN_TUNNEL_CATALOG, + MAAT_PLUGIN_TUNNEL_ENDPOINT, + MAAT_PLUGIN_TUNNEL_LABEL, + MAAT_PLUGIN_SESSION_LOG, //T_VSYS_INFO, + MAAT_PLUGIN_SUBSCRIBER_IP2ID, + MAAT_PLUGIN_GTP_IP2SIGNALING, + MAAT_PLUGIN_MAX +}; + +struct maat_plugin_table +{ + int id; + char name[MAX_TABLE_NAME_LEN]; + maat_ex_new_func_t *ex_new; + maat_ex_free_func_t *ex_free; + maat_ex_dup_func_t *ex_dup; +}; + +enum MAAT_SCAN_TB +{ + MAAT_SCAN_SRC_IP_ADDR=0, + MAAT_SCAN_DST_IP_ADDR, + MAAT_SCAN_SUBSCRIBER_ID, + MAAT_SCAN_APP_ID, + MAAT_SCAN_HTTP_HOST, + MAAT_SCAN_HTTP_URL, + MAAT_SCAN_SSL_SNI, + MAAT_SCAN_EXCLUSION_SSL_SNI, + MAAT_SCAN_SRC_ASN, + MAAT_SCAN_DST_ASN, + MAAT_SCAN_SRC_LOCATION, + MAAT_SCAN_DST_LOCATION, + MAAT_SCAN_QUIC_SNI, + //MAAT_SCAN_FQDN_CAT_ID, + MAAT_SCAN_SELECTOR_ID, + MAAT_SCAN_SELECTOR_PROPERTIES, + MAAT_SCAN_GTP_APN, + MAAT_SCAN_GTP_IMSI, + MAAT_SCAN_GTP_PHONE_NUMBER, + MAAT_SCAN_DTLS_SNI, + MAAT_SCAN_TUNNEL_ID, + MAAT_SCAN_SESSION_FLAGS, + MAAT_SCAN_MAX +}; + +struct maat_scan_table +{ + int id; + char name[MAX_TABLE_NAME_LEN]; +}; + +struct maat_runtime_para +{ + int level; + int default_compile_id; + int location_field_num; + int session_record_switch; + char data_center[MAX_STRING_LEN128]; + char device_tag[MAX_STRING_LEN128]; + struct mirrored_vlan default_vlan; + struct maat_scan_table scan_tb[MAAT_SCAN_MAX]; + struct maat_plugin_table plugin_tb[MAAT_PLUGIN_MAX]; + void *logger; +}; + +struct maat_compile +{ + int ref_cnt; + struct maat_rule rule; + char *p_user_region; + struct compile_user_region *user_region; +}; + +int tsg_maat_rule_init(const char *conffile); + +void plugin_ex_data_gtp_c_free(struct umts_user_info *user_info); +void plugin_ex_data_asn_number_free(struct asn_info *asn); +void plugin_ex_data_location_free(struct location_info *location); +void plugin_ex_data_subscriber_id_free(struct subscribe_id_info *subscriber); +void plugin_ex_data_tunnel_endpoint_free(struct tunnel_endpoint *t_enpoint); +void plugin_ex_data_http_response_pages_free(struct http_response_pages *response_pages); +void plugin_ex_data_app_id_dict_free(struct app_id_dict * dict); +void plugin_ex_data_security_compile_free(struct maat_compile *maat_compile); +void plugin_ex_data_dns_profile_record_free(struct dns_profile_records * records); + +void tsg_maat_state_free(struct maat_state *state); +int srt_attribute_set_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info **client_asn, struct asn_info **server_asn); +int srt_attribute_set_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info **client_location, struct location_info **server_location); +int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info **client_subscriber_id, struct subscribe_id_info **server_subscriber_id); + +int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info); +struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid); + +void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id); +void *matched_rule_cites_app_id_dict(struct maat *feather, long long app_id); +void *matched_rule_cites_security_compile(struct maat *feather, long long compile_id); +void *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id); + +char *tsg_data_center_get(void); +char *tsg_device_tag_get(void); +int tsg_location_type_get(void); +int tsg_session_record_switch_get(void); +int tsg_table_idx_get_by_protocol(enum TSG_PROTOCOL proto); +int tsg_http_url_table_idx_get(void); +long long tsg_default_compile_id_get(void); + + +//parent_app_name.app_name +int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int app_name_len, int is_joint_parent); + +size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *results, size_t n_results); +size_t tsg_scan_app_id_policy(const struct streaminfo *a_stream, struct maat *feather, unsigned int app_id, struct maat_state *s_mid, struct maat_rule *results, size_t n_results); +size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results); +size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, char *district, struct maat_state *s_mid, struct maat_rule *results, int n_results); +size_t tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *results, size_t n_results, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array); +size_t tsg_scan_fqdn_category_id(const struct streaminfo * a_stream, struct maat *feather, unsigned int *category_id, int category_id_num, int table_idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results); + +int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq); + +struct maat_rule *tsg_select_deny_rule(struct maat_rule *rules, size_t n_rules); + +struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, long long teid); + +size_t tsg_select_matched_security_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules); +size_t tsg_select_matched_shaping_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules); +size_t tsg_select_matched_service_chaining_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules); + +int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq); + diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 5cdb35c..d2e11ec 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -19,7 +19,9 @@ #include "app_label.h" #include "tsg_entry.h" +#include "tsg_bridge.h" #include "tsg_send_log.h" +#include "tsg_rule_internal.h" #include "tsg_send_log_internal.h" #include "rapidjson/document.h" // rapidjson's DOM-style API @@ -33,7 +35,6 @@ using namespace rapidjson; using namespace std; -char TSG_SEND_LOG_VERSION_20200729=0; struct tsg_log_instance_t *g_tsg_log_instance; struct TLD_handle_t @@ -127,7 +128,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat for(int i=0; isend_log_percent[i]=100; - topic->drop_start[i]=get_current_time_ms(); + topic->drop_start[i]=tsg_get_current_time_ms(); } topic->fs2_line_id=FS_register(_instance->fs2_handle, FS_STYLE_LINE, FS_CALC_SPEED, topic->name); @@ -138,7 +139,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat static int update_percent(struct tsg_log_instance_t *_instance, int service_id, enum LOG_COLUMN_STATUS column, int thread_id) { - long long current_time_ms=get_current_time_ms(); + long long current_time_ms=tsg_get_current_time_ms(); struct topic_stat *topic=(struct topic_stat *)&(_instance->service2topic[service_id]); switch(column) @@ -202,7 +203,7 @@ static struct tsg_log_instance_t *get_log_instance(void) return NULL; } -static int is_tunnels(struct streaminfo *a_stream) +static int is_tunnels(const struct streaminfo *a_stream) { const struct streaminfo *ptmp = a_stream; const struct streaminfo *pfather=NULL; @@ -240,7 +241,7 @@ static int is_tunnels(struct streaminfo *a_stream) return is_tunnel; } -static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, enum MESA_stream_opt type) +static int set_isn(const struct streaminfo *a_stream, struct TLD_handle_t *_handle, char *field_name, enum MESA_stream_opt type) { unsigned int isn=0; int size=sizeof(isn); @@ -253,21 +254,21 @@ static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch return 1; } -static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { if(a_stream->type==STREAM_TYPE_TCP) { switch(a_stream->dir) { - case DIR_C2S: - set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S); + case DIR_C2S: + set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S); break; - case DIR_S2C: - set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C); + case DIR_S2C: + set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C); break; case DIR_DOUBLE: - set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S); - set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C); + set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S); + set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C); break; default: break; @@ -277,9 +278,9 @@ static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t return 1; } -static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - const char *linkinfo=(const char *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]); + const char *linkinfo=(const char *)session_mac_linkinfo_get(a_stream); if(linkinfo==NULL) { return 0; @@ -301,7 +302,7 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_ TLD_append(_handle, (char *)"common_egress_link_id", (void *)(long)(item->valueint), TLD_TYPE_LONG); } - item=cJSON_GetObjectItem(object, "common_ingress_link_id"); + item=cJSON_GetObjectItem(object, "common_ingress_link_id"); if(item!=NULL) { TLD_append(_handle, (char *)"common_ingress_link_id", (void *)(long)(item->valueint), TLD_TYPE_LONG); @@ -316,7 +317,7 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_ return 0; } -static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info) +static int set_asn(struct TLD_handle_t *_handle, const struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info) { if(asn_info!=NULL) { @@ -334,7 +335,7 @@ static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch return 1; } -static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info) +static int set_location(struct TLD_handle_t *_handle, const struct streaminfo *a_stream, char *field_name, struct location_info *location_info) { if(location_info==NULL) { @@ -344,7 +345,7 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea int len=0; char buff[1024]={0}; int buff_len=sizeof(buff); - int location_type=tsg_get_location_type(); + int location_type=tsg_location_type_get(); switch(location_type) { case 18: @@ -376,9 +377,9 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea return 1; } -static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - char direction=get_direction_from_tcpall(a_stream); + char direction=srt_action_context_get_direction(a_stream); if(direction>0) { TLD_append(_handle, _instance->id2field[LOG_COMMON_DIRECTION].name, (void *)(long)direction, TLD_TYPE_LONG); @@ -388,7 +389,7 @@ static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle return 0; } -static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { unsigned short tunnel_type=0; char nest_addr_buf[1024]; @@ -409,7 +410,7 @@ static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_han return 1; } -static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { int addr_type=0; unsigned short c_port=0, s_port=0; @@ -456,7 +457,7 @@ static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t return 1; } -static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { long common_con_duration_ms=0; int size=sizeof(unsigned long long); @@ -500,7 +501,7 @@ static int set_subscriber_id(struct TLD_handle_t *_handle, char *field_name, str return 0; } -static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, unsigned int *category_id, int category_id_num) +static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, unsigned int *category_id, int category_id_num) { int i=0; if(category_id_num<=0 || category_id==NULL) @@ -519,7 +520,7 @@ static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_ha return 1; } -static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct umts_user_info *user_info) +static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct umts_user_info *user_info) { if(user_info==NULL) { @@ -549,7 +550,7 @@ static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_h return 1; } -static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { struct tcp_flow_stat *tflow_project=NULL; struct udp_flow_stat *uflow_project=NULL; @@ -600,7 +601,7 @@ static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, for(j=0; j0) { add_str_member(_handle, &object, "app_name", app_name); @@ -636,7 +637,7 @@ static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, c { char app_name[512]={0}; Value object(kObjectType); - int ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1); + int ret=tsg_get_app_name_by_id(g_tsg_maat_feather, result->attributes[i].app_id, app_name, sizeof(app_name), 1); if(ret>0) { add_str_member(_handle, &object, "app_name", app_name); @@ -666,11 +667,11 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st for(i=0; iapp_num; i++) { memset(app_name, 0, sizeof(app_name)); - tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1); + tsg_get_app_name_by_id(g_tsg_maat_feather, result->attributes[i].app_id, app_name, sizeof(app_name), 1); if(strnlen(app_name, sizeof(app_name)) > 0) { Value app_name_str; - app_name_str.SetString(app_name, _handle->document->GetAllocator()); + app_name_str.SetString(app_name, _handle->document->GetAllocator()); array.PushBack(app_name_str, _handle->document->GetAllocator()); } } @@ -802,7 +803,7 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han if(combined_num==0) { - offset=tsg_app_id2name(result[ORIGIN_UNKNOWN].attributes[0].app_id, app_full_path, sizeof(app_full_path), 0); + offset=tsg_get_app_name_by_id(g_tsg_maat_feather, result[ORIGIN_UNKNOWN].attributes[0].app_id, app_full_path, sizeof(app_full_path), 0); if(offset>0) { TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_full_path, TLD_TYPE_STRING); @@ -814,7 +815,7 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han for(int i=0; i0) { app_full_path[offset++]='.'; @@ -840,13 +841,13 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han return 1; } -int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); if(gather_result==NULL) { char app_name[512]={0}; - if(tsg_app_id2name(_instance->unknown_app_id, app_name, sizeof(app_name), 0)) + if(tsg_get_app_name_by_id(g_tsg_maat_feather, _instance->unknown_app_id, app_name, sizeof(app_name), 0)) { TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING); @@ -879,7 +880,7 @@ int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handl return 1; } -int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id) +int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, enum LOG_FIELD_ID id) { if(layer_num==0) { @@ -897,7 +898,7 @@ int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, return 1; } -static int set_mpls(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_mpls_addr *mpls_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id) +static int set_mpls(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_mpls_addr *mpls_addr, int layer_num, Value *tunnel_object, enum LOG_FIELD_ID id) { if(layer_num==0) { @@ -1209,9 +1210,9 @@ int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff return 1; } -static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id); + struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)session_conn_sketch_notify_data_get(a_stream); if(notify_mail!=NULL && notify_mail->pdata.mail_eml_filename!=NULL && notify_mail->protocol==PROTO_MAIL) { TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name); @@ -1222,10 +1223,9 @@ static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_ return 0; } - -static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - struct business_notify_data *bnd_label=(struct business_notify_data *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]); + struct business_notify_data *bnd_label=(struct business_notify_data *)session_business_data_get(a_stream); if(bnd_label==NULL || bnd_label->pdata==NULL) { return 0; @@ -1234,7 +1234,7 @@ static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_hand switch(bnd_label->proto) { case PROTO_HTTP: - TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name); + TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name); if(bnd_label->s3_http==NULL) @@ -1242,7 +1242,7 @@ static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_hand break; } - TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name, bnd_label->s3_http->request_filename, TLD_TYPE_STRING); + TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name, bnd_label->s3_http->request_filename, TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name, bnd_label->s3_http->response_filename, TLD_TYPE_STRING); break; default: @@ -1252,20 +1252,29 @@ static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_hand return 1; } -int set_nat_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, int project_id) +int set_nat_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - const char *nat_linkinfo=(const char *)stream_bridge_async_data_get(a_stream, project_id); - if(nat_linkinfo==NULL) + if(_instance->send_nat_linkinfo==0 || a_stream==NULL) { return 0; } - copy_rapidjson(_handle, field_name, nat_linkinfo); + char *c2s_linkinfo=(char *)session_nat_c2s_linkinfo_get(a_stream); + if(c2s_linkinfo!=NULL) + { + copy_rapidjson(_handle, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, c2s_linkinfo); + } + + char *s2c_linkinfo=(char *)session_nat_s2c_linkinfo_get(a_stream); + if(s2c_linkinfo!=NULL) + { + copy_rapidjson(_handle, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, s2c_linkinfo); + } - return 0; + return 1; } -static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, Value *object, enum addr_type_t up_layer_type) +static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, Value *object, enum addr_type_t up_layer_type) { char ip_buff[64]={0}; if(a_stream==NULL) @@ -1273,7 +1282,7 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T return 0; } - tsg_log_field_id_t s_ip_idx, d_ip_idx, s_port_idx, d_port_idx; + enum LOG_FIELD_ID s_ip_idx, d_ip_idx, s_port_idx, d_port_idx; switch(up_layer_type) { @@ -1332,9 +1341,9 @@ struct session_marker_notify_ctx char *identify_str; }; -int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - struct session_marker_notify_ctx *sm_notify=(struct session_marker_notify_ctx *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_ASYNC_SESSION_FLAGS]); + struct session_marker_notify_ctx *sm_notify=(struct session_marker_notify_ctx *)session_session_flags_get(a_stream); if(sm_notify==NULL) { return 0; @@ -1353,18 +1362,23 @@ int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t return 0; } -int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - if(shaping_label==NULL) + if(a_stream==NULL) + { + return 0; + } + + struct matched_policy_rules *hited_shaping=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SHAPING); + if(hited_shaping==NULL) { return 0; } Value shaping_rule_ids_array(kArrayType); - for(int i=0; ishaping_result_num; i++) + for(size_t i=0; in_rules; i++) { - shaping_rule_ids_array.PushBack(shaping_label->shaping_result[i].config_id, _handle->document->GetAllocator()); + shaping_rule_ids_array.PushBack((unsigned int)(hited_shaping->rules[i].rule_id), _handle->document->GetAllocator()); } TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *) &shaping_rule_ids_array, TLD_TYPE_OBJECT); @@ -1372,7 +1386,7 @@ int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle return 0; } -static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { int ret=0; char ip_buff[64]={0}; @@ -1469,7 +1483,7 @@ static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h return 0; } -char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id) +char *log_field_id2name(struct tsg_log_instance_t *instance, enum LOG_FIELD_ID id) { struct tsg_log_instance_t *_instance=instance; if(_instance!=NULL) @@ -1480,66 +1494,45 @@ char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t return NULL; } -unsigned long long tsg_get_stream_id(struct streaminfo * a_stream) -{ - int ret=0; - int device_id_size=sizeof(unsigned long long); - unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc; - - ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size); - if(ret==0) - { - return device_id; - } - - return -1; -} - -int is_multi_hit_same_policy(struct Maat_rule_t *result, int *policy_id, int *policy_id_num) +int is_multi_hit_same_policy(struct maat_rule *result, int *policy_id, int *policy_id_num) { int j=0; for(j=0;j<*policy_id_num;j++) { - if(policy_id[j]==result->config_id) + if(policy_id[j]==result->rule_id) { return 1; } } - policy_id[(*policy_id_num)++]=result->config_id; + policy_id[(*policy_id_num)++]=result->rule_id; return 0; } -static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct Maat_rule_t *p_result, int thread_seq) +static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct maat_rule *p_result, int thread_seq) { cJSON *item=NULL; cJSON *object=NULL; - char *user_region=NULL; TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name); - if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0) + if(p_result->action!=TSG_ACTION_NONE) { - user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1); - int ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1); - if(ret==p_result->serv_def_len) + struct maat_compile *compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id); + if(compile!=NULL && compile->p_user_region!=NULL) { - user_region[p_result->serv_def_len]='\0'; - - object=cJSON_Parse(user_region); - + object=cJSON_Parse(compile->p_user_region); if(_instance->send_user_region==1) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)user_region, TLD_TYPE_STRING); - } - } + TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)(compile->p_user_region), TLD_TYPE_STRING); + } - dictator_free(thread_seq, user_region); - user_region=NULL; + plugin_ex_data_security_compile_free(compile); + } } if(object==NULL) @@ -1573,35 +1566,20 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo return 0; } -int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - if(a_stream==NULL) + struct application_behavior *behavior_result=(struct application_behavior *)session_application_behavior_get(a_stream); + if(behavior_result!=NULL) { - return 0; + TLD_append(_handle, _instance->id2field[LOG_COMMON_APPLICATION_BEHAVIOR].name, (void *)(behavior_result->stream_behavior), TLD_TYPE_STRING); } - - struct application_behavior *behavior_result=NULL; - behavior_result=(struct application_behavior *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]); - if(behavior_result==NULL) - { - return 0; - } - - TLD_append(_handle, _instance->id2field[LOG_COMMON_APPLICATION_BEHAVIOR].name, (void *)(behavior_result->stream_behavior), TLD_TYPE_STRING); return 1; } -int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result) +int set_policy_action_para_exec_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct maat_rule *p_result) { - if(a_stream==NULL) - { - return 0; - } - - int i=0; - struct tsg_notify_execution_result *execution_result=NULL; - execution_result=(struct tsg_notify_execution_result *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]); + struct tsg_notify_execution_result *execution_result=(struct tsg_notify_execution_result *)session_mirrored_and_capture_packets_exec_result_get(a_stream); if(execution_result==NULL) { return 0; @@ -1611,19 +1589,19 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD TLD_delete(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name); - for(i=0; istat_mirrored_cnt; i++) + for(int i=0; istat_mirrored_cnt; i++) { - if(execution_result->stat_mirrored[i].compile_id==p_result->config_id) + if(execution_result->stat_mirrored[i].compile_id==p_result->rule_id) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(execution_result->stat_mirrored[i].packets), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(execution_result->stat_mirrored[i].packets), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name, (void *)(execution_result->stat_mirrored[i].bytes), TLD_TYPE_LONG); break; } } - for(i=0; icapture_result_cnt; i++) + for(int i=0; icapture_result_cnt; i++) { - if(execution_result->capture_result[i].compile_id==p_result->config_id) + if(execution_result->capture_result[i].compile_id==p_result->rule_id) { TLD_append(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name, (void *)(execution_result->capture_result[i].packet_path), TLD_TYPE_STRING); break; @@ -1633,85 +1611,82 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD return 1; } -int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - int ret=0; - struct session_attribute_label *attribute_label=NULL; - - attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, _instance->session_attribute_project_id); - if(attribute_label==NULL) + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + if(srt_attribute==NULL) { return 0; } - if(attribute_label->establish_latency_ms>0) + if(srt_attribute->establish_latency_ms>0) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)attribute_label->establish_latency_ms, TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)srt_attribute->establish_latency_ms, TLD_TYPE_LONG); } - if(attribute_label->http_action_file_size>0) + if(srt_attribute->http_action_file_size>0) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_ACTION_FILESIZE].name, (void *)(long)attribute_label->http_action_file_size, TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_ACTION_FILESIZE].name, (void *)(long)srt_attribute->http_action_file_size, TLD_TYPE_LONG); } - set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_ASN].name, attribute_label->client_asn); - set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_ASN].name, attribute_label->server_asn); + set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_ASN].name, srt_attribute->client_asn); + set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_ASN].name, srt_attribute->server_asn); - set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, attribute_label->client_location); - set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, attribute_label->server_location); + set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, srt_attribute->client_location); + set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, srt_attribute->server_location); - ret=set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->client_subscribe_id); + int ret=set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, srt_attribute->client_subscribe_id); if(ret==0) { - set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->server_subscribe_id); + set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, srt_attribute->server_subscribe_id); } - set_fqdn_category(_instance, _handle, a_stream, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num); + set_fqdn_category(_instance, _handle, a_stream, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids); - if(attribute_label->ja3_fingerprint!=NULL) + if(srt_attribute->ja3_fingerprint!=NULL) { - TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)attribute_label->ja3_fingerprint, TLD_TYPE_STRING); + TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)srt_attribute->ja3_fingerprint, TLD_TYPE_STRING); } - set_umts_user_info(_instance, _handle, a_stream, attribute_label->user_info); + set_umts_user_info(_instance, _handle, a_stream, srt_attribute->user_info); - if(attribute_label->client_endpoint!=NULL) + if(srt_attribute->client_endpoint!=NULL) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_A_DESC].name, (void *)attribute_label->client_endpoint->description, TLD_TYPE_STRING); + TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_A_DESC].name, (void *)srt_attribute->client_endpoint->description, TLD_TYPE_STRING); } - if(attribute_label->server_endpoint!=NULL) + if(srt_attribute->server_endpoint!=NULL) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_B_DESC].name, (void *)attribute_label->server_endpoint->description, TLD_TYPE_STRING); + TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_B_DESC].name, (void *)srt_attribute->server_endpoint->description, TLD_TYPE_STRING); } - if(attribute_label->session_flags>0 && !(TLD_search(_handle, _instance->id2field[LOG_COMMON_FLAGS].name))) + if(srt_attribute->session_flags>0 && !(TLD_search(_handle, _instance->id2field[LOG_COMMON_FLAGS].name))) { - TLD_append(_handle, _instance->id2field[LOG_COMMON_FLAGS].name, (void *)attribute_label->session_flags, TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_FLAGS].name, (void *)srt_attribute->session_flags, TLD_TYPE_LONG); } return 1; } -int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) { - struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]); + struct user_defined_attribute *uda_label=(struct user_defined_attribute *)session_lua_user_defined_attribute_get(a_stream); if(uda_label!=NULL) { Value array(kArrayType); - for(int i=0; iattribute_num; i++) + for(int i=0; in_akv; i++) { - Value object(kObjectType); - switch(uda_label->attribute[i].type) + Value object(kObjectType); + switch(uda_label->akv[i].type) { - case ATTRIBUTE_TYPE_BOOL: - case ATTRIBUTE_TYPE_NUMERIC: - add_number_member(_handle, &object, uda_label->attribute[i].name, uda_label->attribute[i].number); + case LUA_ATTRIBUTE_TYPE_BOOL: + case LUA_ATTRIBUTE_TYPE_NUMERIC: + add_number_member(_handle, &object, uda_label->akv[i].name, uda_label->akv[i].number); break; - case ATTRIBUTE_TYPE_IP: - case ATTRIBUTE_TYPE_STRING: - add_str_member(_handle, &object, uda_label->attribute[i].name, uda_label->attribute[i].string); + case LUA_ATTRIBUTE_TYPE_IP: + case LUA_ATTRIBUTE_TYPE_STRING: + add_str_member(_handle, &object, uda_label->akv[i].name, uda_label->akv[i].string); break; default: continue; @@ -1726,7 +1701,7 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand return 0; } -int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream) +int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream) { if(instance==NULL || handle==NULL || a_stream==NULL) { @@ -1762,7 +1737,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle set_common_tunnels(_instance, _handle, a_stream); } - unsigned long long stream_id=tsg_get_stream_id(a_stream); + unsigned long long stream_id=tsg_get_stream_trace_id(a_stream); char stream_id_buff[128]={0}; snprintf(stream_id_buff, sizeof(stream_id_buff), "%llu", stream_id); TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)stream_id_buff, TLD_TYPE_STRING); @@ -1773,7 +1748,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle return 0; } -int load_log_common_field(const char *filename, id2field_t *id2field, struct topic_stat **service2topic, int *max_service) +int log_common_fields_new(const char *filename, id2field_t *id2field, struct topic_stat **service2topic, int *max_service) { int i=0,flag=0; int ret=0,id=0; @@ -1881,8 +1856,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha char override_sled_ip[32]={0}; char kafka_errstr[1024]={0}; unsigned int local_ip_nr=0; - char bridge_name[LOG_BRIDGE_MAX][128]={0}; - rd_kafka_conf_t *rdkafka_conf = NULL; + rd_kafka_conf_t *rdkafka_conf = NULL; char broker_list[1024]={0}; struct tsg_log_instance_t *_instance=NULL; char common_field_file[128]={0}; @@ -1916,24 +1890,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha MESA_load_profile_int_def(conffile, "TSG_LOG", "VSYSTEM_ID", &(_instance->vsystem_id), 1); MESA_load_profile_int_def(conffile, "SYSTEM","UNKNOWN_APP_ID", &_instance->unknown_app_id, 4); - MESA_load_profile_string_def(conffile, "TSG_LOG", "LINKINFO_FROM_MAC", bridge_name[LOG_BRIDGE_MAC_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_MAC_LINKINFO]), "mirror_linkinfo_from_mac"); - MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_C2S_LINKINFO", bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO]), "common_link_info_c2s"); - MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_S2C_LINKINFO", bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO]), "common_link_info_s2c"); - MESA_load_profile_string_def(conffile, "TSG_LOG", "APP_LUA_SCRIPTS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_LUA_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_LUA_RESULT]), "LUA_USER_DEFINED_ATTRIBUTE"); - MESA_load_profile_string_def(conffile, "TSG_LOG", "BUSINESS_S3_FILENAME", bridge_name[LOG_BRIDGE_BUSINESS_S3_FILENAME], sizeof(bridge_name[LOG_BRIDGE_BUSINESS_S3_FILENAME]), "TSG_BUSINESS_S3_FILENAME"); - MESA_load_profile_string_def(conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT]), "TSG_APPLICATION_BEHAVIOR"); - MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT], sizeof(bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]), "TSG_NOTIFICATION_EXECUTION_RESULT"); - MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_ASYNC_FLAGS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_ASYNC_SESSION_FLAGS], sizeof(bridge_name[LOG_BRIDGE_ASYNC_SESSION_FLAGS]), "SESSION_FLAGS_ASYNC_NOTIFY_DATA"); - - for(int i=0; ibridge_id[i]=stream_bridge_build(bridge_name[i], "w"); - if(_instance->bridge_id[i]<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "LINKINFO_FROM_MAC", "stream_bridge_build is error, bridge_name: %s", bridge_name[i]); - } - } - _instance->logger=MESA_create_runtime_log_handle(log_path, _instance->level); if(_instance->logger==NULL) { @@ -2020,7 +1976,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha return NULL; } - load_log_common_field(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service)); + log_common_fields_new(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service)); if(_instance->service2topic!=NULL) { @@ -2030,16 +1986,11 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha { register_topic(_instance, &( _instance->service2topic[i])); } - - if(i==1) - { - memcpy(&(_instance->service2topic[i]), &(_instance->service2topic[0]), sizeof(struct topic_stat)); // service id of security event is 0 and 1 - } } } else { - MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "load_log_common_field is error, please check %s", common_field_file); + MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "log_common_fields_new is error, please check %s", common_field_file); } return _instance; @@ -2091,72 +2042,76 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance) free(instance); instance=NULL; -/* - int ret=0,count=0; - - while(1) - { - ret=rd_kafka_wait_destroyed(1000); - if(ret==0) - { - break; - } - count++; - } -*/ - return ; } -int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_id) +int send_log_by_type(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, LOG_TYPE log_type, int thread_id) { - int fs_id=0,ret=0,repeat_cnt=0; + int ret=update_percent(_instance, log_type, LOG_COLUMN_STATUS_DROP, thread_id); + if(ret==1) + { + MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, + "record_log", + "drop log: log_type=%d send_log_percent: %d addr=%s", + log_type, + _instance->service2topic[log_type].send_log_percent[thread_id], + (a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level)) + ); + } + + StringBuffer sb(0, 2048); + Writer writer(sb); + _handle->document->Accept(writer); + + tsg_send_payload(_instance, log_type, (char *)sb.GetString(), sb.GetSize(), thread_id); + + return 0; +} + +int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_id) +{ + int fs_id=0,repeat_cnt=0; int policy_id[MAX_RESULT_NUM]={0}; - if(g_tsg_para.session_record_switch==0 && (p_result[0].service_id==2 || p_result[0].service_id==6 || p_result[0].service_id==7)) + for(size_t i=0;ilogger, RLOG_LV_DEBUG, - "TSG_SEND_LOG", + "tsg_send_log", "tsg same log:cfg_id=%d service=%d addr=%s", - p_result[i].config_id, - p_result[i].service_id, + rules[i].rule_id, + rules[i].service_id, (a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level)) ); continue; } - switch(p_result[i].do_log) + switch(rules[i].do_log) { case LOG_ABORT: MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, - "TSG_SEND_LOG", + "tsg_send_log", "tsg abort log:cfg_id=%d service=%d addr=%s", - p_result[i].config_id, - p_result[i].service_id, + rules[i].rule_id, + rules[i].service_id, (a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level)) ); - fs_id=action2fs_id((int)p_result[i].action); + fs_id=action2fs_id((int)rules[i].action); FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1); continue; break; case LOG_ALL: - if(p_result[i].action==TSG_ACTION_MONITOR) + if(rules[i].action==TSG_ACTION_MONITOR) { set_s3_filename(_instance, _handle, a_stream); set_mail_eml(_instance, _handle, a_stream); } break; case LOG_NOFILE: - if(p_result[i].action==TSG_ACTION_MONITOR) - { + if(rules[i].action==TSG_ACTION_MONITOR) + { TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name); @@ -2165,40 +2120,16 @@ int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, default: break; } - - ret=update_percent(_instance, p_result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id); - if(ret==1) - { - MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, - "TSG_SEND_LOG", - "tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s", - p_result[i].config_id, - p_result[i].service_id, - _instance->service2topic[p_result[i].service_id].send_log_percent[thread_id], - (a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level)) - ); - continue; - } - TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(p_result[i].config_id), TLD_TYPE_LONG); - TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(p_result[i].service_id), TLD_TYPE_LONG); - TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)p_result[i].action), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(rules[i].rule_id), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(rules[i].service_id), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)rules[i].action), TLD_TYPE_LONG); - set_notify_execution_result(_instance, _handle, a_stream, &(p_result[i])); - - if(_instance->send_nat_linkinfo &&p_result[i].config_id==0 && a_stream!=NULL) - { - set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]); - set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]); - } + set_policy_action_para_exec_result(_instance, _handle, a_stream, &(rules[i])); - set_xxxx_from_user_region(_handle, _instance, &(p_result[i]), thread_id); - - StringBuffer sb(0, 2048); - Writer writer(sb); - _handle->document->Accept(writer); + set_xxxx_from_user_region(_handle, _instance, &(rules[i]), thread_id); - tsg_send_payload(_instance, p_result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id); + send_log_by_type(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, thread_id); TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name); @@ -2209,14 +2140,14 @@ int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, return 0; } -int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id) +int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream, enum LOG_TYPE log_type, struct maat_rule *rules, size_t n_rules, int thread_id) { - if(instance==NULL || handle==NULL || log_msg==NULL) + if(instance==NULL || handle==NULL || rules==NULL || n_rules==0) { TLD_cancel(handle); if(instance!=NULL) { - MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL "); + MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "tsg_send_log", " instance==NULL || TLD_handle==NULL || log_msg==NULL "); } return -1; } @@ -2228,51 +2159,61 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl { TLD_cancel(handle); FS_operate(_instance->fs2_handle, _instance->sum_line_id, _instance->fs2_field_id[LOG_COLUMN_STATUS_DROP], FS_OP_ADD, 1); - MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log."); + MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "tsg_send_log", "Disable tsg_send_log."); return 0; } - TLD_append_streaminfo(instance, handle, log_msg->a_stream); + TLD_append_streaminfo(instance, handle, a_stream); TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING); if(strlen(g_tsg_para.device_sn)>0) { TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_ID].name, (void *)(g_tsg_para.device_sn), TLD_TYPE_STRING); } - if(strlen(g_tsg_para.data_center)>0 && _instance->send_data_center==1) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)(g_tsg_para.data_center), TLD_TYPE_STRING); - } - - if(strlen(g_tsg_para.device_tag)>0) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING); - } - + TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)tsg_data_center_get(), TLD_TYPE_STRING); + TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)tsg_device_tag_get(), TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); - set_application_behavior(_instance, _handle, log_msg->a_stream); + set_application_behavior(_instance, _handle, a_stream); - if((log_msg->result[0].service_id==2 || log_msg->result[0].service_id==6 || log_msg->result[0].service_id==7) && log_msg->a_stream!=NULL) // stream of intercept is NULL + struct matched_policy_rules *matched_security_rules=NULL; + + switch(log_type) { - set_shaping_rule_ids(_instance, _handle, log_msg->a_stream); - } - - send_log(_instance, _handle, log_msg->a_stream, log_msg->result, log_msg->result_num, thread_id); - - //fetch firewall result - if(log_msg->result[0].service_id==2 || log_msg->result[0].service_id==7) - { - struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - if(priority_label!=NULL && priority_label->security_result_num>0) - { - if(priority_label->security_result[0].action!=TSG_ACTION_INTERCEPT) + case LOG_TYPE_SECURITY_EVENT: + send_security_event_log(_instance, _handle, a_stream, rules, n_rules, thread_id); + break; + case LOG_TYPE_SESSION_RECORD: + case LOG_TYPE_TRANSACTION_RECORD: + matched_security_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SECURITY); + if(matched_security_rules!=NULL && matched_security_rules->n_rules>0) { - send_log(_instance, _handle, log_msg->a_stream, priority_label->security_result, priority_label->security_result_num, thread_id); - free_policy_label(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - tsg_set_xxx_to_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL); + if(matched_security_rules->rules[0].action!=TSG_ACTION_INTERCEPT) + { + send_security_event_log(_instance, _handle, a_stream, matched_security_rules->rules, matched_security_rules->n_rules, thread_id); + session_matched_rules_free(a_stream, TSG_SERVICE_SECURITY, (void *)matched_security_rules); + session_matched_rules_async(a_stream, TSG_SERVICE_SECURITY, NULL); + } } - } + // no break; + case LOG_TYPE_INTERIM_SESSION_RECORD: + if(tsg_session_record_switch_get()==0) + { + break; + } + set_shaping_rule_ids(_instance, _handle, a_stream); + set_nat_linkinfo(_instance, _handle, a_stream); + send_log_by_type(_instance, _handle, a_stream, log_type, thread_id); + break; + case LOG_TYPE_BGP_RECORD: + case LOG_TYPE_VOIP_RECORD: + case LOG_TYPE_GTPC_RECORD: + case LOG_TYPE_INTERNAL_RTP_RECORD: + send_log_by_type(_instance, _handle, a_stream, log_type, thread_id); + break; + default: + TLD_cancel(handle); + return 0; } TLD_cancel(handle); @@ -2313,7 +2254,7 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa { MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, - "TSG_SEND_LOG", + "tsg_send_log", "tsg_send_log to kafka is error (payload==NULL || payload_len<=0 || topic_id<0 || _instance->service2topic[topic_id].topic_rkt==NULL), topic: %s", _instance->service2topic[topic_id].name ); @@ -2327,7 +2268,7 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, - "TSG_SEND_LOG", + "tsg_send_log", "tsg_send_log to kafka is error of code: %d %s(%s), status: %d, topic: %s %s", rd_kafka_last_error(), rd_kafka_err2name(rd_kafka_last_error()), @@ -2343,7 +2284,7 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa update_percent(_instance, topic_id, LOG_COLUMN_STATUS_SUCCESS, thread_id); MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, - "TSG_SEND_LOG", + "tsg_send_log", "log send successfully %s: %s", _instance->service2topic[topic_id].name, payload diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index 60d69b1..9235a98 100644 --- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -1,5 +1,4 @@ -#ifndef __TSG_SEND_LOG_INTERNAL_H__ -#define __TSG_SEND_LOG_INTERNAL_H__ +#pragma once #include @@ -16,14 +15,14 @@ #define MAX_STRING_LEN32 32 #endif -enum _SEND_MODE +enum SEND_MODE { CLOSE=0, KAFKA=1, }; -typedef enum _tsg_log_field_id +enum LOG_FIELD_ID { LOG_COMMON_POLICY_ID=1, LOG_COMMON_SERVICE, @@ -140,11 +139,11 @@ typedef enum _tsg_log_field_id LOG_COMMON_SHAPING_RULE_IDS, LOG_COMMON_FLAGS_IDENTIFY_INFO, LOG_COMMON_MAX -}tsg_log_field_id_t; +}; enum LOG_COLUMN_STATUS { - LOG_COLUMN_STATUS_SUCCESS=0, + LOG_COLUMN_STATUS_SUCCESS=0, LOG_COLUMN_STATUS_SUCCESS_S, LOG_COLUMN_STATUS_FAIL, LOG_COLUMN_STATUS_FAIL_S, @@ -167,20 +166,6 @@ enum LOG_FS2_TYPE{ LOG_FS2_FREE_RAPID_CAPACITY, LOG_FS2_TYPE_MAX }; - -enum LOG_BRIDGE -{ - LOG_BRIDGE_MAC_LINKINFO=0, - LOG_BRIDGE_NAT_C2S_LINKINFO, - LOG_BRIDGE_NAT_S2C_LINKINFO, - LOG_BRIDGE_APP_LUA_RESULT, - LOG_BRIDGE_BUSINESS_S3_FILENAME, - LOG_BRIDGE_APP_BEHAVIOR_RESULT, - LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT, - LOG_BRIDGE_ASYNC_SESSION_FLAGS, - LOG_BRIDGE_MAX -}; - typedef struct _id2field { @@ -213,11 +198,9 @@ struct tsg_log_instance_t int send_data_center; int recovery_interval; int rapidjson_chunk_capacity; - int session_attribute_project_id; int tcp_flow_project_id; int udp_flow_project_id; int sum_line_id; - int bridge_id[LOG_BRIDGE_MAX]; int fs2_column_id[LOG_COLUMN_STATUS_MAX]; int fs2_field_id[LOG_FS2_TYPE_MAX]; char tcp_label[MAX_STRING_LEN32]; @@ -235,9 +218,7 @@ struct tsg_log_instance_t void *logger; }; -char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id); +char *log_field_id2name(struct tsg_log_instance_t *instance, enum LOG_FIELD_ID id); struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle); void tsg_sendlog_destroy(struct tsg_log_instance_t * instance); -#endif - diff --git a/src/tsg_statistic.cpp b/src/tsg_statistic.cpp index 3372faa..4839b69 100644 --- a/src/tsg_statistic.cpp +++ b/src/tsg_statistic.cpp @@ -11,7 +11,29 @@ #include "tsg_statistic.h" #include "tsg_send_log_internal.h" -tsg_statis_para_t g_tsg_statis_para; +enum TRAFFIC_INFO_IDX +{ + TRAFFIC_INFO_ALLOW=0, + TRAFFIC_INFO_DENY, + TRAFFIC_INFO_MONITOR, + TRAFFIC_INFO_INTERCEPT, + TRAFFIC_INFO_MAX +}; + +struct tsg_statistic +{ + int cycle; + int fs_line_id; + int thread_alive; + pthread_t stat_thread_id; + int fs_field_id[STATIS_MAX]; + long long statistic_opt[_OPT_TYPE_MAX]; + struct _traffic_info *traffic_info[TSG_ACTION_MAX+1]; + struct _traffic_info default_total_info; + screen_stat_handle_t fs2_handle; +}; + +struct tsg_statistic g_tsg_statis_para; int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq) { @@ -31,7 +53,7 @@ int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_s return 0; } -int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq) +int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq) { struct _traffic_info *_info=NULL; @@ -49,7 +71,7 @@ int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_ return 0; } -int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq) +int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq) { unsigned long long value=0; int value_len=sizeof(unsigned long long); diff --git a/src/tsg_sync_state.cpp b/src/tsg_sync_state.cpp index 6149ad5..768c0ee 100644 --- a/src/tsg_sync_state.cpp +++ b/src/tsg_sync_state.cpp @@ -3,6 +3,7 @@ #include #include +#include "tsg_variable.h" #include "tsg_sync_state.h" #include "tsg_send_log.h" @@ -11,159 +12,166 @@ int set_exec_profile_ids(const struct streaminfo *a_stream, struct parse_handle const char *policy_key[ POLICY_UPDATE_MAX] = { - "service_chaining", - "shaping", + "service_chaining", + "shaping", }; static int tsg_send_ctrl_pkt(const struct streaminfo *a_stream, cJSON *object) { - if (object == NULL) - { - return -1; - } + if (object == NULL) + { + return -1; + } - char *payload = NULL; - uint64_t session_id = tsg_get_stream_id((struct streaminfo *)a_stream); + char *payload = NULL; + uint64_t session_id = tsg_get_stream_trace_id((struct streaminfo *)a_stream); - // tsg_get_stream_id maybe return -1 - if (session_id && session_id != (uint64_t)-1) - { - char trace_id[128]={0}; - snprintf(trace_id, sizeof(trace_id), "%lu", session_id); - cJSON_AddStringToObject(object, "session_id", trace_id); - } + // tsg_get_stream_trace_id maybe return -1 + if (session_id && session_id != (uint64_t)-1) + { + char trace_id[128]={0}; + snprintf(trace_id, sizeof(trace_id), "%lu", session_id); + cJSON_AddStringToObject(object, "session_id", trace_id); + } - cJSON_AddStringToObject(object, "tsync", "1.0"); + cJSON_AddStringToObject(object, "tsync", "1.0"); - payload = cJSON_PrintUnformatted(object); - if (payload == NULL) - { - cJSON_Delete(object); - return -1; - } + payload = cJSON_PrintUnformatted(object); + if (payload == NULL) + { + cJSON_Delete(object); + return -1; + } - // send// - sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, payload, strlen(payload)+1, a_stream->routedir); + // send// + sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, payload, strlen(payload)+1, a_stream->routedir); - cJSON_free(payload); - cJSON_Delete(object); + cJSON_free(payload); + cJSON_Delete(object); - return 0; + return 0; } int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state) { - if (a_stream == NULL) - { - return -1; - } + if (a_stream == NULL) + { + return -1; + } - cJSON *object = cJSON_CreateObject(); - - if (state== OP_STATE_PENDING) - { - cJSON_AddStringToObject(object, "state", "opening"); - } - else if (state == OP_STATE_CLOSE) - { - cJSON_AddStringToObject(object, "state", "closing"); - } - else - { - cJSON_Delete(object); - return -1; - } + cJSON *object = cJSON_CreateObject(); - return tsg_send_ctrl_pkt(a_stream, object); + if (state== OP_STATE_PENDING) + { + cJSON_AddStringToObject(object, "state", "opening"); + } + else if (state == OP_STATE_CLOSE) + { + cJSON_AddStringToObject(object, "state", "closing"); + } + else + { + cJSON_Delete(object); + return -1; + } + + return tsg_send_ctrl_pkt(a_stream, object); } int tsg_sync_resetall_state(const struct streaminfo *a_stream) { - if (a_stream == NULL) - { - return -1; - } + if (a_stream == NULL) + { + return -1; + } - cJSON *object = cJSON_CreateObject(); - cJSON_AddStringToObject(object, "state", "resetall"); + cJSON *object = cJSON_CreateObject(); + cJSON_AddStringToObject(object, "state", "resetall"); - return tsg_send_ctrl_pkt(a_stream, object); + return tsg_send_ctrl_pkt(a_stream, object); } int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num) { - if (a_stream == NULL || policy_array == NULL || policy_array_num > (int) POLICY_UPDATE_MAX || policy_array_num <= 0) - { - return -1; - } + if (a_stream == NULL || policy_array == NULL || policy_array_num > (int) POLICY_UPDATE_MAX || policy_array_num <= 0) + { + return -1; + } - cJSON *params_object = NULL; - cJSON *policy_arr = NULL; - cJSON *object = cJSON_CreateObject(); + cJSON *params_object = NULL; + cJSON *policy_arr = NULL; + cJSON *object = cJSON_CreateObject(); - cJSON_AddStringToObject(object, "state", "active"); - cJSON_AddStringToObject(object, "method", "policy_update"); - params_object = cJSON_AddObjectToObject(object, "params"); + cJSON_AddStringToObject(object, "state", "active"); + cJSON_AddStringToObject(object, "method", "policy_update"); + params_object = cJSON_AddObjectToObject(object, "params"); + + for (int i = 0; i < policy_array_num; i++) + { + int tmp_ids[8]={0}; + int n_tmp_ids=MIN(policy_array[i].n_ids, 8); + for(int j=0; j= POLICY_UPDATE_MAX) + { + cJSON_Delete(object); + return -1; + } - for (int i = 0; i < policy_array_num; i ++) - { - policy_arr = cJSON_CreateIntArray(policy_array[i].ids, policy_array[i].id_num); - if (policy_arr == NULL || policy_array[i].type >= POLICY_UPDATE_MAX) - { - cJSON_Delete(object); - return -1; - } + cJSON_AddItemToObject(params_object, policy_key[policy_array[i].type], policy_arr); + policy_arr = NULL; + } - cJSON_AddItemToObject(params_object, policy_key[policy_array[i].type], policy_arr); - policy_arr = NULL; - } - - return tsg_send_ctrl_pkt(a_stream, object); + return tsg_send_ctrl_pkt(a_stream, object); } int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len) { - if (a_stream == NULL || payload == NULL || payload_len == 0) - { - return -1; - } + if (a_stream == NULL || payload == NULL || payload_len == 0) + { + return -1; + } - char *state = NULL; - char *method = NULL; - char *tsync = NULL; - cJSON *params_object = NULL; - cJSON *sf_ids_array = NULL; - struct parse_handle result = {0}; + char *state = NULL; + char *method = NULL; + char *tsync = NULL; + cJSON *params_object = NULL; + cJSON *sf_ids_array = NULL; + struct parse_handle result = {0}; - cJSON *object = cJSON_Parse((char *)payload); - if (object == NULL) - { - return -1; - } - - tsync = cJSON_GetObjectItem(object, "tsync")->valuestring; - memcpy(result.tsync, tsync, strlen(tsync)); + cJSON *object = cJSON_Parse((char *)payload); + if (object == NULL) + { + return -1; + } - //result.session_id = (uint64_t)atoll(cJSON_GetObjectItem(object, "session_id")->string); + tsync = cJSON_GetObjectItem(object, "tsync")->valuestring; + memcpy(result.tsync, tsync, strlen(tsync)); - state = cJSON_GetObjectItem(object, "state")->valuestring; - memcpy(result.state, state, strlen(state)); + //result.session_id = (uint64_t)atoll(cJSON_GetObjectItem(object, "session_id")->string); - method = cJSON_GetObjectItem(object, "method")->valuestring; - memcpy(result.method, method, strlen(method)); + state = cJSON_GetObjectItem(object, "state")->valuestring; + memcpy(result.state, state, strlen(state)); - params_object = cJSON_GetObjectItem(object, "params"); - sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids"); - result.sf_ids.id_num = cJSON_GetArraySize(sf_ids_array); - for (int i = 0; i < result.sf_ids.id_num; i ++) - { - result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint; - } + method = cJSON_GetObjectItem(object, "method")->valuestring; + memcpy(result.method, method, strlen(method)); - //set_exec_profile_ids(a_stream, &result); + params_object = cJSON_GetObjectItem(object, "params"); + sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids"); + result.sf_ids.n_ids = cJSON_GetArraySize(sf_ids_array); + for (int i = 0; i < result.sf_ids.n_ids; i ++) + { + result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint; + } - cJSON_Delete(object); - return 0; + //set_exec_profile_ids(a_stream, &result); + + cJSON_Delete(object); + return 0; } int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state) diff --git a/src/tsg_sync_state.h b/src/tsg_sync_state.h index 2a900fa..73190f2 100644 --- a/src/tsg_sync_state.h +++ b/src/tsg_sync_state.h @@ -1,5 +1,4 @@ -#ifndef TSG_SESSION_STATE_H -#define TSG_SESSION_STATE_H +#pragma once #include #include @@ -14,8 +13,8 @@ enum policy_type struct update_policy { enum policy_type type; - int id_num; - int ids[8]; + int n_ids; + long long ids[8]; }; // i don't need this @@ -36,5 +35,3 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len); - -#endif //TSG_SESSION_STATE_H diff --git a/src/tsg_tamper.cpp b/src/tsg_tamper.cpp index f5f169e..1958a26 100644 --- a/src/tsg_tamper.cpp +++ b/src/tsg_tamper.cpp @@ -36,11 +36,11 @@ int swap_payload2byte(char *str, int endlen) { char temp; - if(endlen<4){ //最少满足2个16bit的长度,即最小4字节。 + if(endlen<4){ //最少满??6bit的长度,即最?字节? return 0; } - //这样交换是别面校验和不对的问题 + //这样交换是别面校验和不对的问? for(int i=1; i +#include +#include + +#include "tsg_label.h" +#include "tsg_variable.h" + +struct tsg_rt_para g_tsg_para; + +struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, + {PROTO_IPv4, 0, "IPV4"}, + {PROTO_IPv6, 0, "IPV6"}, + {PROTO_TCP, 0, "TCP"}, + {PROTO_UDP, 0, "UDP"}, + {PROTO_HTTP, 0, "HTTP"}, + {PROTO_MAIL, 0, "MAIL"}, + {PROTO_DNS, 0, "DNS"}, + {PROTO_FTP, 0, "FTP"}, + {PROTO_SSL, 0, "SSL"}, + {PROTO_SIP, 0, "SIP"}, + {PROTO_BGP, 0, "BGP"}, + {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"}, + {PROTO_QUIC, 0, "QUIC"}, + {PROTO_SSH, 0, "SSH"}, + {PROTO_SMTP, 0, "SMTP"}, + {PROTO_IMAP, 0, "IMAP"}, + {PROTO_POP3, 0, "POP3"}, + {PROTO_RTP, 0, "RTP"}, + {PROTO_APP, 0, "BASE"}, + {PROTO_L2TP, 0, "L2TP"}, + {PROTO_PPTP, 0, "PPTP"}, + {PROTO_STRATUM, 0, "Stratum"}, + {PROTO_RDP, 0, "RDP"}, + {PROTO_DTLS, 0, "DTLS"} + }; + +const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id) +{ + struct l7_protocol *l7_proto=NULL; + HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto); + if(l7_proto!=NULL) + { + return (const char *)l7_proto->name; + } + + return NULL; +} + +unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name) +{ + struct l7_protocol *l7_proto=NULL; + + HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto); + if(l7_proto!=NULL) + { + return l7_proto->id; + } + + return 0; +} + +long long tsg_get_current_time_ms(void) +{ + int size=sizeof(long long); + long long current_time_ms=0; + sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, ¤t_time_ms, &size); + + return current_time_ms; +} + +unsigned long long tsg_get_stream_trace_id(const struct streaminfo * a_stream) +{ + int ret=0; + int device_id_size=sizeof(unsigned long long); + unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc; + + ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size); + if(ret==0) + { + return device_id; + } + + return -1; +} + diff --git a/src/tsg_variable.h b/src/tsg_variable.h index 5969a18..0aa1b5e 100644 --- a/src/tsg_variable.h +++ b/src/tsg_variable.h @@ -1,5 +1,8 @@ #pragma once +#include "uthash.h" +#include "tsg_bridge.h" + #include #include #include @@ -72,54 +75,6 @@ enum DEPLOY_MODE DEPLOY_MODE_MAX }; -enum MASTER_STATIC_TABLE -{ - TABLE_SECURITY_COMPILE=0, - TABLE_IP_ADDR, - TABLE_SUBSCRIBER_ID, - TABLE_APP_ID, - TABLE_HTTP_HOST, - TABLE_SSL_SNI, - TABLE_EXCLUSION_SSL_SNI, - TABLE_SRC_ASN, - TABLE_DST_ASN, - TABLE_SRC_LOCATION, - TABLE_DST_LOCATION, - TABLE_ASN_USER_DEFINED, - TABLE_ASN_BUILT_IN, - TABLE_LOCATION_USER_DEFINED, - TABLE_LOCATION_BUILT_IN, - TABLE_QUIC_SNI, - TABLE_FQDN_CAT_ID, - TABLE_FQDN_CAT_USER_DEFINED, - TABLE_FQDN_CAT_BUILT_IN, - TABLE_APP_ID_DICT, - TABLE_SELECTOR_ID, - TABLE_SELECTOR_PROPERTIES, - TABLE_GTP_APN, - TABLE_GTP_IMSI, - TABLE_GTP_PHONE_NUMBER, - TABLE_RESPONSE_PAGES, - TABLE_DNS_PROFILE_RECORD, - TABLE_PROFILE_MIRROR, - TABLE_HTTP_URL, - TABLE_DTLS_SNI, - TABLE_TUNNEL_ID, - TABLE_TUNNEL_CATALOG, - TABLE_TUNNEL_ENDPOINT, - TABLE_TUNNEL_LABEL, - TABLE_SESSION_FLAGS, - TABLE_SESSION_LOG, - TABLE_MAX -}; - -enum MASTER_DYNAMIC_TABLE -{ - DYN_TABLE_SUBSCRIBER_IP=0, - DYN_TABLE_GTP_SIGNALING, - DYN_TABLE_MAX -}; - #ifndef MIN #define MIN(a, b) (((a) < (b)) ? (a) : (b)) #endif @@ -136,13 +91,6 @@ enum MASTER_DYNAMIC_TABLE #define MAX_STRING_LEN32 32 #endif -struct id2field -{ - int type; - int id; - char name[MAX_STRING_LEN32]; -}; - struct reset_argv { int pkt_num; @@ -153,22 +101,23 @@ struct reset_argv int remedy; }; -#ifndef MAX_TABLE_NAME_LEN -#define MAX_TABLE_NAME_LEN 64 -#endif - #ifndef MAX_STRING_LEN128 #define MAX_STRING_LEN128 128 #endif -typedef struct tsg_para +struct id2field +{ + int type; + int id; + char name[MAX_STRING_LEN32]; +}; + +struct tsg_rt_para { int level; short mirror_switch; unsigned short timeout; int dynamic_maat_switch; - int location_field_num; - int app_dict_field_num; int device_seq_in_dc; int datacenter_id; int scan_signaling_switch; @@ -178,31 +127,18 @@ typedef struct tsg_para int feature_tamper; int service_chaining_sid; int shaping_sid; + int send_resetall; enum DEPLOY_MODE deploy_mode; int scan_time_interval; int identify_app_max_pkt_num; int unknown_app_id; - int hit_path_switch; - int session_record_switch; - int default_compile_id; - int table_id[TABLE_MAX]; - int dyn_table_id[DYN_TABLE_MAX]; - int session_attribute_project_id; - int proto_flag; //tsg_protocol_t + int proto_flag; //enum TSG_PROTOCOL int fs2_field_id[TSG_FS2_MAX]; char device_sn[MAX_STRING_LEN128]; char log_path[MAX_STRING_LEN128]; char device_id_command[MAX_STRING_LEN128]; - char data_center[MAX_STRING_LEN128]; - char device_tag[MAX_STRING_LEN128]; - char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN]; - char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN]; - struct bridge_info bridge[BRIDGE_TYPE_MAX]; - int send_resetall; void *logger; - void *maat_logger; struct reset_argv reset; - struct mirrored_vlan default_vlan; screen_stat_handle_t fs2_handle; struct l7_protocol *name_by_id; struct l7_protocol *id_by_name; @@ -210,9 +146,18 @@ typedef struct tsg_para ctemplate::Template *tpl_403,*tpl_404; ctemplate::Template *tpl_200,*tpl_204; ctemplate::Template *tpl_303; -}g_tsg_para_t; +}; -extern g_tsg_para_t g_tsg_para; -extern Maat_feather_t g_tsg_dynamic_maat_feather; +extern struct tsg_rt_para g_tsg_para;; extern struct id2field g_tsg_proto_name2id[PROTO_MAX]; +struct l7_protocol +{ + int id; /* first key */ + char name[32]; /* second key */ + UT_hash_handle hh1; /* handle for first hash table */ + UT_hash_handle hh2; /* handle for second hash table */ +}; + +long long tsg_get_current_time_ms(void); + diff --git a/src/version.map b/src/version.map index 78b3c99..f695908 100644 --- a/src/version.map +++ b/src/version.map @@ -8,6 +8,13 @@ global: *tsg_free_gtp_signaling_field; *tsg_*; *TLD_*; + *session_runtime_attribute_get*; + *srt_attribute*; + *session_runtime_process_context_async*; + *session_runtime_process_context_get*; + *srt_process_context_*; + *session_matched_rules_notify*; + *session_matched_rules_copy*; *GIT*; }; local: *; diff --git a/test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.1 b/test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.1 new file mode 100644 index 0000000..f079749 --- /dev/null +++ b/test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.1 @@ -0,0 +1 @@ +test1 \ No newline at end of file diff --git a/test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.2 b/test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.2 new file mode 100644 index 0000000..d606037 --- /dev/null +++ b/test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.2 @@ -0,0 +1 @@ +test2 \ No newline at end of file diff --git a/test/bin/gtest_maat.json b/test/bin/gtest_maat.json index feaab2f..763509c 100644 --- a/test/bin/gtest_maat.json +++ b/test/bin/gtest_maat.json @@ -1,7 +1,7 @@ { - "compile_table": "TSG_SECURITY_COMPILE", - "group2compile_table": "GROUP_COMPILE_RELATION", - "group2group_table": "GROUP_GROUP_RELATION", + "compile_table": "TSG_COMPILE", + "group2compile_table": "TSG_GROUP_COMPILE_RELATION", + "group2group_table": "TSG_GROUP_GROUP_RELATION", "rules": [ { "compile_id": 1, @@ -9,9 +9,10 @@ "action": 1, "do_blacklist": 0, "do_log": 1, - "effective_rage": 0, - "user_region": "Virtual", + "tags": "{}", + "user_region": "{}", "is_valid": "yes", + "evaluation_order": "2.111", "groups": [ { "group_name":"OBJ_DST_IP_ADDR", @@ -23,12 +24,12 @@ "table_name": "TSG_OBJ_IP_ADDR", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "0.0.0.0", - "src_ip2": "255.255.255.255", - "sport_format": "range", - "src_port1": "0", - "src_port2": "0", + "addr_format": "range", + "ip1": "0.0.0.0", + "ip2": "255.255.255.255", + "port_format": "range", + "port1": "0", + "port2": "0", "protocol": 0, "direction": "double" } @@ -43,9 +44,10 @@ "action": 16, "do_blacklist": 0, "do_log": 1, - "effective_rage": 0, + "tags": "{}", "user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}", "is_valid": "yes", + "evaluation_order": "2.111", "groups": [ { "group_name": "OBJ_DST_IP_ADDR", @@ -57,12 +59,12 @@ "table_name": "TSG_OBJ_IP_ADDR", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "0.0.0.0", - "src_ip2": "255.255.255.255", - "sport_format": "range", - "src_port1": "0", - "src_port2": "0", + "addr_format": "range", + "ip1": "0.0.0.0", + "ip2": "255.255.255.255", + "format": "range", + "port1": "0", + "port2": "0", "protocol": 0, "direction": "double" } @@ -70,20 +72,185 @@ ] } ] + }, + { + "compile_id": 3, + "service": 0, + "action": 1, + "do_blacklist": 0, + "do_log": 1, + "tags": "{}", + "user_region": "{}", + "is_valid": "yes", + "evaluation_order": "0.0", + "groups": [ + { + "not_flag": 0, + "clause_index": 0, + "virtual_table": "TSG_SECURITY_TUNNEL", + "regions": [ + { + "table_name": "TSG_OBJ_TUNNEL_ID", + "table_type": "interval", + "table_content": { + "low_boundary": 900, + "up_boundary": 1003 + } + } + ] + } + ] + }, + { + "compile_id": 4, + "service": 0, + "action": 16, + "do_blacklist": 0, + "do_log": 1, + "tags": "{}", + "user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}", + "is_valid": "yes", + "evaluation_order": "0.0", + "groups": [ + { + "not_flag": 0, + "clause_index": 0, + "virtual_table": "TSG_SECURITY_TUNNEL", + "regions": [ + { + "table_name": "TSG_OBJ_TUNNEL_ID", + "table_type": "interval", + "table_content": { + "low_boundary": 900, + "up_boundary": 1003 + } + } + ] + } + ] } ], "plugin_table": [ { "table_name": "APP_ID_DICT", "table_content": [ - "4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", - "67\thttp\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", - "156\tqq\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", - "336\tOPENVPN\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", - "199\tSSL\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", - "1241\tqq_web\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", - "3145\tqq_r2\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1" + "67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t1", + "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1", + "4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1", + "70\thttps\t1\tssl\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1" + ] + }, + { + "table_name": "TSG_DYN_MOBILE_IDENTITY_APN_TEID", + "table_content": [ + "1\t111039813\t460045157065560\t861440152009856\t111039813.cmiott.gxqli.mcto60g.com\t8626070583075127\t1", + "2\t111052899\t460045157053102\t861440152041083\t111052899.cmiott.wkctf.mcto60g.com\t8626070583008402\t1" + ] + }, + { + "table_name": "TSG_IP_ASN_BUILT_IN", + "table_content": [ + ] + }, + { + "table_name": "TSG_IP_ASN_USER_DEFINED", + "table_content": [ + ] + }, + { + "table_name": "TSG_IP_LOCATION_BUILT_IN", + "table_content": [ + "6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1", + "3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1" + ] + }, + { + "table_name": "TSG_IP_LOCATION_USER_DEFINED", + "table_content": [ + "371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1" + ] + }, + { + "table_name": "TSG_FQDN_CATEGORY_BUILT_IN", + "table_content": [ + "106285681\t4\t106285681.201198.com\t1\t1", + "106285682\t5\t106285682.201198.com\t1\t1", + "106285688\t8\t106285688.201198.com\t1\t1", + "106285689\t9\t106285689.201198.com\t1\t1", + "106285690\t9\t106285689.201198.com\t1\t1", + "106285691\t10\t1106285683.201198.com\t1\t1" + ] + }, + { + "table_name": "TSG_FQDN_CATEGORY_USER_DEFINED", + "table_content": [ + "1106285681\t4\t1106285681.201198.com\t1\t1", + "1106285682\t5\t1106285682.201198.com\t1\t1", + "1106285683\t6\t1106285683.201198.com\t1\t1", + "1106285684\t7\t1106285684.201198.com\t1\t1", + "1106285685\t7\t1106285684.201198.com\t1\t1" + ] + }, + { + "table_name": "TSG_TUNNEL_CATALOG", + "table_content": [ + "977\t1.1.1.1-1.1.1.1\tGTP\t1367\t1", + "978\t1.1.1.1-1.1.1.1\tGTP\t1367&1605\t1" + ] + }, + { + "table_name": "TSG_TUNNEL_ENDPOINT", + "table_content": [ + "989\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + "990\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + "991\t4\t192.40.128.0\t192.40.255.255\ttest\t1", + "992\t4\t192.40.0.0\t192.40.127.255\ttest\t1" + ] + }, + { + "table_name": "TSG_TUNNEL_LABEL", + "table_content": [ + "15560\t15560\tVLAN_ID\t1", + "15561\t15561\tVLAN_ID\t1" + ] + }, + { + "table_name": "TSG_DYN_SUBSCRIBER_IP", + "table_content": [ + "1299\t4\t192.168.56.28\ttest5628\t1", + "1300\t4\t192.168.56.27\ttest5627\t1" + ] + }, + { + "table_name": "TSG_PROFILE_DNS_RECORDS", + "table_content": [ + "8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1", + "7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1", + "7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1" + ] + }, + { + "table_name": "TSG_PROFILE_RESPONSE_PAGES", + "table_content": [ + "957\ttest-html-1\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.1\t1", + "958\ttest-html-2\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.2\t1" + ] + }, + { + "table_name": "TSG_PROFILE_TRAFFIC_MIRROR", + "table_content": [ + "845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1", + "123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1" + ] + }, + { + "table_name": "T_VSYS_INFO", + "table_content": [ + "6\t1\t1" ] } ] } + + + diff --git a/test/src/CMakeLists.txt b/test/src/CMakeLists.txt index 0db2be3..bf70bff 100644 --- a/test/src/CMakeLists.txt +++ b/test/src/CMakeLists.txt @@ -9,8 +9,17 @@ include_directories(${PROJECT_SOURCE_DIR}/src/) add_definitions(-std=c++11) LINK_DIRECTORIES(/opt/MESA/lib) -#add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp gtest_common.cpp gtest_rule.cpp) -#target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe) +add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_rule.cpp) +target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4) + +add_executable(gtest_bridge ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_protocol.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_bridge.cpp) +target_link_libraries(gtest_bridge gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4) + +add_executable(gtest_action ${PROJECT_SOURCE_DIR}/src/tsg_action.cpp ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp ${PROJECT_SOURCE_DIR}/src/tsg_dns.cpp ${PROJECT_SOURCE_DIR}/src/tsg_icmp.cpp ${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_action.cpp) +target_link_libraries(gtest_action gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4 MESA_field_stat2) + +add_executable(gtest_sendlog ${PROJECT_SOURCE_DIR}/src/tsg_send_log.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_sendlog.cpp) +target_link_libraries(gtest_sendlog gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4 rdkafka MESA_field_stat2) set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp @@ -26,10 +35,12 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp ${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_protocol.cpp ) add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp) -target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe MESA_htable) +target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable) add_executable(gtest_sync_session_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp gtest_common.cpp gtest_session_state.cpp) target_link_libraries(gtest_sync_session_state gtest-static cjson ctemplate-static) diff --git a/test/src/gtest_action.cpp b/test/src/gtest_action.cpp new file mode 100644 index 0000000..c8008de --- /dev/null +++ b/test/src/gtest_action.cpp @@ -0,0 +1,111 @@ +#include +#include +#include + +#include "tsg_rule.h" +#include "tsg_label.h" +#include "tsg_entry.h" +#include "tsg_variable.h" +#include "tsg_rule_internal.h" +#include "tsg_protocol_common.h" + +#include + +struct maat *g_tsg_maat_feather; + +const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id) +{ + return NULL; +} + +void plugin_ex_data_http_response_pages_free(struct http_response_pages * response_pages) +{ +} + +void *matched_rule_cites_app_id_dict(struct maat *feather, long long app_id) +{ + return NULL; +} + +void plugin_ex_data_app_id_dict_free(struct app_id_dict * dict) +{ +} + +void *matched_rule_cites_security_compile(struct maat *feather, long long profile_id) +{ + return NULL; +} + +void plugin_ex_data_security_compile_free(struct maat_compile * maat_compile) +{ +} + +void *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id) +{ + return NULL; +} + +void plugin_ex_data_dns_profile_record_free(struct dns_profile_records * records) +{ +} + +int session_runtime_action_context_async(const struct streaminfo * a_stream, void * data) +{ + return 0; +} + +int srt_attribute_set_reponse_size(const struct streaminfo * a_stream, int http_action_file_size) +{ + return 0; +} + +int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq) +{ + return 0; +} + +int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, enum TSG_PROTOCOL protocol, int thread_seq) +{ + return 0; +} + +int srt_action_context_set_rule_method(const struct streaminfo * a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq) +{ + return 0; +} + +int srt_action_context_set_after_n_packet(const struct streaminfo * a_stream, int after_n_packets, int thread_seq) +{ + return 0; +} + +const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream) +{ + return NULL; +} + +int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq) +{ + return 0; +} + +int session_packet_capture_notify(const struct streaminfo * a_stream, struct maat_rule *results, size_t n_results, int thread_seq) +{ + return 0; +} + +TEST(TM_ACTION, Http) +{ + EXPECT_EQ(1, 1); +} + +int main(int argc, char *argv[]) +{ + testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/test/src/gtest_bridge.cpp b/test/src/gtest_bridge.cpp new file mode 100644 index 0000000..57a04fb --- /dev/null +++ b/test/src/gtest_bridge.cpp @@ -0,0 +1,101 @@ +#include +#include +#include + +#include "tsg_rule.h" +#include "tsg_label.h" +#include "tsg_entry.h" +#include "tsg_variable.h" +#include "tsg_rule_internal.h" +#include "tsg_protocol_common.h" + +#include + +void tsg_maat_state_free(struct maat_state *state) +{ + +} + +void destroy_bucket(struct leaky_bucket * * bucket, int thread_seq) +{ + +} + +void plugin_ex_data_gtp_c_free(struct umts_user_info *user_info) +{ +} + +void plugin_ex_data_asn_number_free(struct asn_info *asn) +{ +} + +void plugin_ex_data_location_free(struct location_info *location) +{ +} + +void plugin_ex_data_subscriber_id_free(struct subscribe_id_info *subscriber) +{ +} + +void plugin_ex_data_tunnel_endpoint_free(struct tunnel_endpoint *t_enpoint) +{ +} + +int srt_attribute_set_ip_asn(const struct streaminfo * a_stream, struct maat *feather, struct asn_info **client_asn, struct asn_info **server_asn) +{ + return 0; +} + +int srt_attribute_set_ip_location(const struct streaminfo * a_stream, struct maat *feather, struct location_info **client_location, struct location_info **server_location) +{ + return 0; +} + +int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info **client_subscribe_id, struct subscribe_id_info **server_subscribe_id) +{ + return 0; +} + +int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info) +{ + return 0; +} + +struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, unsigned int teid) +{ + return NULL; +} + +int session_app_identify_result_cb(const struct streaminfo * a_stream, int bridge_id, void * data) +{ + return 0; +} + +int session_flags_identify_result_cb(const struct streaminfo * a_stream, int bridge_id, void * data) +{ + return 0; +} + +int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num) +{ + return 0; +} + +TEST(TM_Bridge, HitedSecurityPolicyResult) +{ + EXPECT_EQ(1,1); + EXPECT_NE(nullptr, ""); + EXPECT_STREQ("460045157065560", "460045157065560"); +} + +int main(int argc, char *argv[]) +{ + int ret=tsg_bridge_init("tsgconf/main.conf"); + if(ret<0) + { + return -1; + } + testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} + diff --git a/test/src/gtest_common.h b/test/src/gtest_common.h index 3e462b7..31dd827 100644 --- a/test/src/gtest_common.h +++ b/test/src/gtest_common.h @@ -3,10 +3,10 @@ #include "tsg_send_log.h" extern "C" int TSG_MASTER_INIT(); -void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data); +void session_matched_rules_free(const struct streaminfo *stream, int bridge_id, void *data); int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff_len); -int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream); -int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream); +int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream); +int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream); diff --git a/test/src/gtest_function.h b/test/src/gtest_function.h index 5d8de40..c72380a 100644 --- a/test/src/gtest_function.h +++ b/test/src/gtest_function.h @@ -28,6 +28,6 @@ using namespace rapidjson; using namespace std; extern "C" int TSG_MASTER_INIT(); -int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id); -int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result); +int set_vlan(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id); +int set_app_full_path(struct TLD_handle_t *handle, char *field_name, struct gather_app_result *result); diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp index e5b5289..7da2057 100644 --- a/test/src/gtest_master.cpp +++ b/test/src/gtest_master.cpp @@ -3,41 +3,46 @@ #include #include "gtest_common.h" -#include "tsg_rule.h" #include "tsg_entry.h" +#include "tsg_rule_internal.h" #include extern int rd_kafka_get_sendlog_cnt(void); extern const char *rd_kafka_get_sendlog_payload(int idx); +extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);; +extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);; + +extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data); + TEST(TSGMaster, SetAPPIDHttp) { - struct streaminfo a_stream={0}; - struct gather_app_result gather_result[ORIGIN_MAX]={0}; + const struct streaminfo a_stream={0}; + struct gather_app_result async_gather_result[ORIGIN_MAX]={0}; - gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1; - gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; - gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67; //HTTP + async_gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1; + async_gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; + async_gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67; //HTTP - tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result); - struct gather_app_result *get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); - EXPECT_NE(nullptr, get_result); - EXPECT_EQ(1, get_result[ORIGIN_BASIC_PROTOCOL].app_num); - EXPECT_EQ(67, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id); - EXPECT_EQ(0, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence); - EXPECT_EQ(0, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id); - EXPECT_EQ(ORIGIN_BASIC_PROTOCOL, get_result[ORIGIN_BASIC_PROTOCOL].origin); + session_gather_app_results_async(&a_stream, (void *)async_gather_result); + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream); + EXPECT_NE(nullptr, gather_result); + EXPECT_EQ(1, gather_result[ORIGIN_BASIC_PROTOCOL].app_num); + EXPECT_EQ(67, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id); + EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence); + EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id); + EXPECT_EQ(ORIGIN_BASIC_PROTOCOL, gather_result[ORIGIN_BASIC_PROTOCOL].origin); struct TLD_handle_t *handle=TLD_create(0); set_app_id(g_tsg_log_instance, handle, (struct streaminfo *)&a_stream); char app_ids[256]={0}; TLD_convert_json(handle, app_ids, sizeof(app_ids)); - EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\"}", app_ids); + EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\",\"common_app_id\":{\"LPI_L7\":[{\"app_name\":\"http\",\"app_id\":67,\"surrogate_id\":0,\"packet_sequence\":0}]}}", app_ids); - tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, NULL); - get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); - EXPECT_EQ(nullptr, get_result); + session_gather_app_results_async(&a_stream, NULL); + gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream); + EXPECT_EQ(nullptr, gather_result); } TEST(TSGMaster, SetAPPIDUnknown) @@ -55,45 +60,53 @@ TEST(TSGMaster, SetAPPIDUnknown) TEST(TSGMaster, ShapingSetRuleIds) { const struct streaminfo a_stream={0}; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + struct maat_rule shaping_result[MAX_RESULT_NUM]={0}; for(int i=0; ishaping_result_num); - for(int i=0; ishaping_result_num; i++) + const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING); + EXPECT_NE(nullptr, hited_shaping); + EXPECT_EQ(MAX_RESULT_NUM, hited_shaping->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } - - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id)); + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping); + session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING)); } int shaping_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data) { - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)data; - EXPECT_NE(nullptr, shaping_label); - EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num); - for(int i=0; ishaping_result_num; i++) + struct matched_policy_rules *hited_shaping=(struct matched_policy_rules *)data; + EXPECT_NE(nullptr, hited_shaping); + EXPECT_EQ(MAX_RESULT_NUM, hited_shaping->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } return 0; @@ -102,37 +115,38 @@ int shaping_policy_notify_cb(const struct streaminfo *stream, int bridge_id, voi TEST(TSGMaster, ShapingPolicyNotify) { const struct streaminfo a_stream={0}; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + struct maat_rule shaping_result[MAX_RESULT_NUM]={0}; for(int i=0; in_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id); - } - - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - EXPECT_NE(nullptr, shaping_label); - EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num); - for(int i=0; ishaping_result_num; i++) - { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id)); + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping); + session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING)); } int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id, void *data) @@ -144,24 +158,24 @@ int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id TEST(TSGMaster, ShapingPolicyNotifyNULL) { const struct streaminfo a_stream={0}; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + struct maat_rule shaping_result[MAX_RESULT_NUM]={0}; - stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_null_cb); + stream_bridge_register_data_sync_cb(stream_bridge_build("NOTIFY_SHAPING_RESULT", "w"), shaping_policy_notify_cb); - tsg_notify_hited_shaping_result(&a_stream, shaping_result, 0, 0); - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - EXPECT_EQ(nullptr, shaping_label); + matched_shaping_rules_deal(&a_stream, shaping_result, 0, 0); + const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING); + EXPECT_EQ(nullptr, hited_shaping); } int shaping_duplicate_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data) { - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)data; - EXPECT_NE(nullptr, shaping_label); - EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num); - for(int i=0; ishaping_result_num; i++) + struct matched_policy_rules *hited_shaping=(struct matched_policy_rules *)data; + EXPECT_NE(nullptr, hited_shaping); + EXPECT_EQ(MAX_RESULT_NUM/2, hited_shaping->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } return 0; @@ -170,126 +184,120 @@ int shaping_duplicate_policy_notify_cb(const struct streaminfo *stream, int brid TEST(TSGMaster, ShapingDuplicatePolicyNotify) { const struct streaminfo a_stream={0}; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + struct maat_rule shaping_result[MAX_RESULT_NUM]={0}; for(int i=0; in_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - EXPECT_NE(nullptr, shaping_label); - EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num); - for(int i=0; ishaping_result_num; i++) - { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); - } + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]); - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id)); + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping); + session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING)); } TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify) { const struct streaminfo a_stream={0}; - struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + struct maat_rule shaping_result[MAX_RESULT_NUM]={0}; for(int i=0; ishaping_result_num); - for(int i=0; ishaping_result_num; i++) + const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING); + EXPECT_NE(nullptr, hited_shaping); + EXPECT_EQ(MAX_RESULT_NUM/2, hited_shaping->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } // Second notify - tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0); - shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM); - EXPECT_EQ(MAX_RESULT_NUM/2, shaping_result_num); - for(int i=0; in_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id); - } - - shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); - EXPECT_NE(nullptr, shaping_label); - EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num); - for(int i=0; ishaping_result_num; i++) - { - EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); - EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id); } - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id)); + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping); + session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING)); } TEST(TSGMaster, SecurityPolicySendlog) { const struct streaminfo a_stream={0}; - struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; for(int i=0; isecurity_result_num); - for(int i=0; isecurity_result_num; i++) + const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); + EXPECT_NE(nullptr, hited_security); + EXPECT_EQ(MAX_RESULT_NUM, hited_security->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action); - EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id); + EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[i].action); + EXPECT_EQ(TSG_ACTION_MONITOR+i, hited_security->rules[i].rule_id); } struct TLD_handle_t * handle=TLD_create(0); - struct Maat_rule_t session_record={0, 2, 1, 0, 0, 0, 0, {0}}; - tsg_log_t log_msg={1, &session_record, (struct streaminfo*)&a_stream}; - tsg_send_log(g_tsg_log_instance, handle, &log_msg, 0); + struct maat_rule session_record={0, 0, 2, 1, 0}; + tsg_send_log(g_tsg_log_instance, handle, &a_stream, LOG_TYPE_SESSION_RECORD, &session_record, 1, 0); int sendlog_cnt=rd_kafka_get_sendlog_cnt(); - EXPECT_EQ(8, sendlog_cnt); + EXPECT_EQ(9, sendlog_cnt); //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(0)); //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(1)); //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(2)); @@ -300,169 +308,331 @@ TEST(TSGMaster, SecurityPolicySendlog) //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(7)); //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(8)); - priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - EXPECT_EQ(nullptr, priority_label); + hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); + EXPECT_EQ(nullptr, hited_security); } -TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify) -{ - const struct streaminfo a_stream={0}; - struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; - - for(int i=0; isecurity_result_num); - for(int i=0; isecurity_result_num; i++) - { - EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action); - EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id); - } - - // Second notify - tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0); - - priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); - EXPECT_NE(nullptr, priority_label); - EXPECT_EQ(MAX_RESULT_NUM/2, priority_label->security_result_num); - for(int i=0; isecurity_result_num; i++) - { - EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action); - EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id); - } - - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id)); -} - -extern void set_s_chaining_result_to_bridge(const struct streaminfo * a_stream, struct Maat_rule_t * p_result, int p_result_num, int thread_seq); - TEST(TSGMaster, ServiceChainingPolicyNotify) { const struct streaminfo a_stream={0}; - struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0}; + struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0}; for(int i=0; isid); - EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num); - for(int i=0; iresult_num; i++) + EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action); - EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id); } - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id)); + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining); + session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); } TEST(TSGMaster, ServiceChainingDuplicatePolicyMultipleNotify) { const struct streaminfo a_stream={0}; - struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0}; + struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0}; // first for(int i=0; isid); - EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num); - for(int i=0; iresult_num; i++) + EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action); - EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id); } // second for(int i=0; isid); - EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num); - for(int i=0; iresult_num; i++) + EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action); - EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id); } - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id)); + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining); + session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); } TEST(TSGMaster, ServiceChainingPolicyMultipleNotify) { const struct streaminfo a_stream={0}; - struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0}; + struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0}; // first for(int i=0; isid); - EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num); - for(int i=0; iresult_num; i++) + EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules); + for(size_t i=0; in_rules; i++) { - EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action); - EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id); } // second for(int i=MAX_RESULT_NUM/2; isid); - EXPECT_EQ(MAX_RESULT_NUM, hited_s_chaining->result_num); - for(int i=0; iresult_num; i++) - { - EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action); - EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id); + s_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i; } - free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining); - stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, NULL); - EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id)); + matched_service_chaining_rules_deal(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0); + hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING); + EXPECT_NE(nullptr, hited_s_chaining); + EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules); + for(size_t i=0; in_rules; i++) + { + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id); + } + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining); + session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); +} + +TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + for(int i=0; in_rules); + for(size_t i=0; in_rules; i++) + { + EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[i].action); + EXPECT_EQ(TSG_ACTION_MONITOR+i, hited_security->rules[i].rule_id); + } + + // Second notify + session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, matched_policy, MAX_RESULT_NUM/2, 0); + + hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); + EXPECT_NE(nullptr, hited_security); + EXPECT_EQ(MAX_RESULT_NUM/2, hited_security->n_rules); + for(size_t i=0; in_rules; i++) + { + EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[i].action); + EXPECT_EQ(TSG_ACTION_MONITOR+i, hited_security->rules[i].rule_id); + } + + session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security); + session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY)); +} + +extern int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq); + +TEST(TSGMaster, SecurityPolicyIntercept) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + matched_policy[1].action=TSG_ACTION_INTERCEPT; + matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + + // Set Intercept + session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[1], 1, 0); + + const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); + EXPECT_NE(nullptr, hited_security); + EXPECT_EQ(1, hited_security->n_rules); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].rule_id); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security); + session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY)); +} + + +TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + matched_policy[0].action=TSG_ACTION_MONITOR; + matched_policy[0].rule_id=TSG_ACTION_MONITOR; + + matched_policy[1].action=TSG_ACTION_INTERCEPT; + matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + + // First Monitor, second Intercpt + session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[0], 1, 0); + + int ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1); + EXPECT_EQ(0, ret); + + ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_SECURITY, &(matched_policy[2]), 1); + EXPECT_EQ(1, ret); + EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].action); + EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].rule_id); + + ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_SECURITY, &(matched_policy[2]), 1); + EXPECT_EQ(1, ret); + EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].action); + EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].rule_id); + + const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); + EXPECT_NE(nullptr, hited_security); + EXPECT_EQ(1, hited_security->n_rules); + EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[0].action); + EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[0].rule_id); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security); + session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY)); + + // Set Intercept + session_matched_rules_notify(&a_stream, TSG_SERVICE_INTERCEPT, &matched_policy[1], 1, 0); + + ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1); + EXPECT_EQ(1, ret); + EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id); + + ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1); + EXPECT_EQ(1, ret); + EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id); + + const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT); + EXPECT_NE(nullptr, hited_intercept); + EXPECT_EQ(1, hited_intercept->n_rules); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id); + + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); + session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); +} + + +TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify) +{ + const struct streaminfo a_stream={0}; + + // service chaining notify + struct maat_rule service_chaining_result[MAX_RESULT_NUM]={0}; + for(int i=0; in_rules); + for(size_t i=0; in_rules; i++) + { + EXPECT_EQ(TSG_ACTION_S_CHAINING, hitted_service_chaining->rules[i].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hitted_service_chaining->rules[i].rule_id); + } + + // shping notify + struct maat_rule shaping_result[MAX_RESULT_NUM]={0}; + for(int i=0; in_rules); + for(size_t i=0; in_rules; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, hitted_shaping->rules[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, hitted_shaping->rules[i].rule_id); + } + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(2, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[1]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hitted_shaping); + session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING)); + + session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hitted_service_chaining); + session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); } int main(int argc, char *argv[]) diff --git a/test/src/gtest_rule.cpp b/test/src/gtest_rule.cpp index 0d55c05..dbd0666 100644 --- a/test/src/gtest_rule.cpp +++ b/test/src/gtest_rule.cpp @@ -2,109 +2,1075 @@ #include #include +#include +#include "tsg_rule.h" +#include "tsg_label.h" #include "tsg_entry.h" -#include "gtest_common.h" #include "tsg_variable.h" -#include -#include +#include "tsg_rule_internal.h" +#include "tsg_protocol_common.h" #include -int init_fs2_handle(const char *conffile) +extern struct maat_runtime_para g_tsg_maat_rt_para; + +const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo * a_stream) { - int value=0,cycle=0; - int output_prometheus=0; - unsigned short fs_server_port=0; - char app_name[128]={0}; - char fs_server_ip[MAX_IPV4_LEN]={0}; - char fs_output_path[128]={0}; - - MESA_load_profile_int_def(conffile, "FIELD_STAT", "CYCLE", &cycle, 30); - MESA_load_profile_short_nodef(conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); - MESA_load_profile_string_nodef(conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); - MESA_load_profile_string_def(conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); - MESA_load_profile_string_def(conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); - MESA_load_profile_int_def(conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1); - - g_tsg_para.fs2_handle=FS_create_handle(); - - value=1;//Rewrite - FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); - value=1;//Do not create stat thread - FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); - - FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); - FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); - - value=1; - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); - - if(fs_server_port > 0 && strlen(fs_server_ip) > 0) - { - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); - } - - value=FS_OUTPUT_INFLUX_LINE; - FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value)); - - for(int i=0; iref_cnt); - EXPECT_EQ(TSG_METHOD_TYPE_RATE_LIMIT, user_region->method_type); - - EXPECT_NE(nullptr, user_region->deny); - EXPECT_EQ(TSG_DENY_TYPE_MAX, user_region->deny->type); - EXPECT_EQ(1024, user_region->deny->bps); - - EXPECT_EQ(1, user_region->capture.enabled); - EXPECT_EQ(2000, user_region->capture.depth); - - - security_compile_free(0, &rule, srv_def_large, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); - EXPECT_EQ(nullptr, user_region); + return 0; } -TEST(TSGMaster, SecurityDenyPolicyGetRatelimitExData) +int session_mirror_packets_sync(const struct streaminfo * a_stream, struct maat_rule * result, struct mirrored_vlan * vlan) { - struct Maat_rule_t rule={2, 0, 1, 0, 16, 0, 0, {0}}; - struct compile_user_region *user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &rule, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - EXPECT_NE(nullptr, user_region); - - EXPECT_EQ(2, user_region->ref_cnt); - EXPECT_EQ(TSG_METHOD_TYPE_RATE_LIMIT, user_region->method_type); - - EXPECT_NE(nullptr, user_region->deny); - EXPECT_EQ(TSG_DENY_TYPE_MAX, user_region->deny->type); - EXPECT_EQ(1024, user_region->deny->bps); + return 0; +} - EXPECT_EQ(1, user_region->capture.enabled); - EXPECT_EQ(2000, user_region->capture.depth); +int session_capture_packets_sync(const struct streaminfo * a_stream, struct maat_rule * result, int depth) +{ + return 0; +} + +TEST(TM, ExDataGTPC) +{ + /****************************************************************************************************** + table name: TSG_DYN_MOBILE_IDENTITY_APN_TEID + id teid imsi phone_number apn imei is_valid + "1\t111039813\t460045157065560\t861440152009856\tcmiott.gxqli.mcto60g.com\t8626070583075127\t1", + "2\t111052899\t460045157053102\t861440152041083\tcmiott.wkctf.mcto60g.com\t8626070583008402\t1" + ******************************************************************************************************/ + + long long teid=111039813; + struct umts_user_info *user_info=(struct umts_user_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_GTP_IP2SIGNALING].id, (const char *)&teid); + EXPECT_NE(nullptr, user_info); + EXPECT_STREQ("460045157065560", user_info->imsi); + EXPECT_STREQ("861440152009856", user_info->msisdn); + EXPECT_STREQ("111039813.cmiott.gxqli.mcto60g.com", user_info->apn); + EXPECT_STREQ("8626070583075127", user_info->imei); + + teid=111052899; + user_info=(struct umts_user_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_GTP_IP2SIGNALING].id, (const char *)&teid); + EXPECT_NE(nullptr, user_info); + EXPECT_STREQ("460045157053102", user_info->imsi); + EXPECT_STREQ("861440152041083", user_info->msisdn); + EXPECT_STREQ("111052899.cmiott.wkctf.mcto60g.com", user_info->apn); + EXPECT_STREQ("8626070583008402", user_info->imei); +} + +TEST(TM, ExDataAPPIDDictUnknown) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1" + **************************************************************************************************************************/ + long long ll_app_id=4; + struct app_id_dict *dict=(struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + dict=(struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + EXPECT_NE(nullptr, dict); + EXPECT_EQ(4, dict->app_id); + EXPECT_STREQ("unknown", dict->app_name); + EXPECT_EQ(0, dict->parent_app_id); + EXPECT_STREQ(nullptr, dict->parent_app_name); + + EXPECT_STREQ("category", dict->category); + EXPECT_STREQ("subcategory", dict->subcategory); + EXPECT_STREQ("technology", dict->technology); + EXPECT_STREQ("risk", dict->risk); + EXPECT_STREQ("characteristics", dict->characteristics); + //depends_on_app_ids + //implicitly_uses_app_ids + // deny_action + EXPECT_EQ(1, dict->continue_scanning); + EXPECT_EQ(3600, dict->tcp_timeout); + EXPECT_EQ(3600, dict->udp_timeout); + EXPECT_EQ(1800, dict->tcp_half_close); + EXPECT_EQ(1800, dict->tcp_time_wait); + + dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, ll_app_id); +} + +TEST(TM, ExDataAPPIDDictDenyActionDrop) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t1", + **************************************************************************************************************************/ + long long ll_app_id=67; + struct app_id_dict *dict=(struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + EXPECT_NE(nullptr, dict); + EXPECT_EQ(67, dict->app_id); + EXPECT_STREQ("http", dict->app_name); + EXPECT_EQ(0, dict->parent_app_id); + EXPECT_STREQ(nullptr, dict->parent_app_name); + + EXPECT_STREQ("networking", dict->category); + EXPECT_STREQ("infrastructure", dict->subcategory); + EXPECT_STREQ("network-protocol", dict->technology); + EXPECT_STREQ("3", dict->risk); + EXPECT_STREQ("used-by-malware,vulnerability,widely-used", dict->characteristics); + //depends_on_app_ids + //implicitly_uses_app_ids + + //deny_action + EXPECT_EQ(TSG_DENY_TYPE_APP_DROP, dict->deny_app_para.type); + EXPECT_EQ(0, dict->deny_app_para.after_n_packets); + EXPECT_EQ(1, dict->deny_app_para.drop_para.send_icmp_enable); + EXPECT_EQ(1, dict->deny_app_para.drop_para.send_reset_enable); + + EXPECT_EQ(0, dict->continue_scanning); + EXPECT_EQ(60, dict->tcp_timeout); + EXPECT_EQ(120, dict->udp_timeout); + EXPECT_EQ(30, dict->tcp_half_close); + EXPECT_EQ(30, dict->tcp_time_wait); + + dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, ll_app_id); +} + +TEST(TM, ExDataAPPIDDictDenyActionRatelimit) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\","bps":1000}\t0\t0\t0\t0\t0\t1", + **************************************************************************************************************************/ + long long ll_app_id=68; + struct app_id_dict *dict=(struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + EXPECT_NE(nullptr, dict); + EXPECT_EQ(68, dict->app_id); + EXPECT_STREQ("https", dict->app_name); + EXPECT_EQ(0, dict->parent_app_id); + EXPECT_STREQ(nullptr, dict->parent_app_name); + + EXPECT_STREQ("networking", dict->category); + EXPECT_STREQ("infrastructure", dict->subcategory); + EXPECT_STREQ("network-protocol", dict->technology); + EXPECT_STREQ("3", dict->risk); + EXPECT_STREQ("used-by-malware,vulnerability,widely-used", dict->characteristics); + //depends_on_app_ids + //implicitly_uses_app_ids + + //deny_action + EXPECT_EQ(TSG_DENY_TYPE_APP_RATELIMIT, dict->deny_app_para.type); + EXPECT_EQ(1000, dict->deny_app_para.bps); + + EXPECT_EQ(0, dict->continue_scanning); + EXPECT_EQ(0, dict->tcp_timeout); + EXPECT_EQ(0, dict->udp_timeout); + EXPECT_EQ(0, dict->tcp_half_close); + EXPECT_EQ(0, dict->tcp_time_wait); + + dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, ll_app_id); +} + +TEST(TM, ExDataASNBuiltIn) +{ + /************************************************************************************************************************* + table name: TSG_IP_ASN_BUILT_IN + **************************************************************************************************************************/ + EXPECT_EQ(1, 1); +} + +TEST(TM, ExDataASNUserDefine) +{ + /************************************************************************************************************************* + table name: TSG_IP_ASN_USER_DEFINED + **************************************************************************************************************************/ + EXPECT_EQ(1, 1); +} + +TEST(TM, ExDataLocationBuiltIn) +{ + /************************************************************************************************************************* + table name: TSG_IP_LOCATION_BUILT_IN + location_id geoname_id addr_type start_ip end_ip latitude longitude coords language continent_abbr continent_full country_abbr country_full province_abbr province_full city_full subdivision_addr time_zone is_valid + "6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1", + "3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1" + **************************************************************************************************************************/ + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("124.156.128.1"); + struct location_info *location = NULL; + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &temp_addr, (void **)&location, 1); + + EXPECT_STREQ("Other", location->city_full); + EXPECT_STREQ("Hong Kong", location->country_full); + EXPECT_STREQ("Other", location->province_full); + EXPECT_STREQ(NULL, location->subdivision_addr); + EXPECT_EQ(2, location->ref_cnt); + + temp_addr.ipv4 = inet_addr("192.168.50.2"); + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &temp_addr, (void **)&location, 1); + + EXPECT_STREQ("Xin Xi Gang", location->city_full); + EXPECT_STREQ("China", location->country_full); + EXPECT_STREQ("Beijing", location->province_full); + EXPECT_STREQ(NULL, location->subdivision_addr); // location_field_num == 18; not 19 + EXPECT_EQ(2, location->ref_cnt); + + location = NULL; + temp_addr.ipv4 = inet_addr("124.156.127.1"); + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &temp_addr, (void **)&location, 1); + EXPECT_EQ(NULL, location); +} + +TEST(TM, ExDataLocationUserDefine) +{ + /************************************************************************************************************************* + table name: TSG_IP_LOCATION_USER_DEFINED + location_id geoname_id addr_type start_ip end_ip latitude longitude coords language continent_abbr continent_full country_abbr country_full province_abbr province_full city_full subdivision_addr time_zone is_valid + "371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1" + **************************************************************************************************************************/ + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("192.168.50.11"); + struct location_info *location = NULL; + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_USER_DEFINED].id, &temp_addr, (void **)&location, 1); + + EXPECT_STREQ("Hua Yan Bei Li", location->city_full); + EXPECT_STREQ("China", location->country_full); + EXPECT_STREQ("Beijing", location->province_full); + EXPECT_STREQ(NULL, location->subdivision_addr); // location_field_num == 18; not 19 + EXPECT_EQ(2, location->ref_cnt); + + location = NULL; + temp_addr.ipv4 = inet_addr("124.156.127.1"); + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_USER_DEFINED].id, &temp_addr, (void **)&location, 1); + EXPECT_EQ(NULL, location); +} + +TEST(TM, ExDataFQDNCategoryBuiltIn) +{ + /************************************************************************************************************************* + table name: TSG_FQDN_CATEGORY_BUILT_IN + id category_id fqdn match_method(0=complete,1=suf) is_valid + "106285681\t4\t106285681.201198.com\t1\t1", + "106285682\t5\t106285682.201198.com\t1\t1" + **************************************************************************************************************************/ + struct fqdn_category *category_ids[2] = {0}; + int ret = maat_fqdn_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_FQDN_CAT_BUILT_IN].id, "106285681.201198.com", (void **)category_ids, 2); + EXPECT_EQ(1, ret); + EXPECT_EQ(4, category_ids[0]->category_id); + EXPECT_EQ(NULL, category_ids[1]); + + category_ids[0] = NULL; + ret = 0; + ret = maat_fqdn_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_FQDN_CAT_BUILT_IN].id, "106285682.201198.com", (void **)category_ids, 2); + EXPECT_EQ(1, ret); + EXPECT_EQ(5, category_ids[0]->category_id); + EXPECT_EQ(NULL, category_ids[1]); + + category_ids[0] = NULL; +} + +TEST(TM, ExDataFQDNCategoryUserDefine) +{ + /************************************************************************************************************************* + table name: TSG_FQDN_CATEGORY_USER_DEFINED + id category_id fqdn match_method(0=complete,1=suf) is_valid + "1106285681\t4\t1106285681.201198.com\t1\t1", + "1106285682\t5\t1106285682.201198.com\t1\t1" + **************************************************************************************************************************/ + struct fqdn_category *category_ids[2] = {0}; + int ret = maat_fqdn_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_FQDN_CAT_USER_DEFINED].id, "1106285681.201198.com", (void **)category_ids, 2); + EXPECT_EQ(1, ret); + EXPECT_EQ(4, category_ids[0]->category_id); + EXPECT_EQ(NULL, category_ids[1]); + + category_ids[0] = NULL; + ret = 0; + ret = maat_fqdn_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_FQDN_CAT_USER_DEFINED].id, "1106285682.201198.com", (void **)category_ids, 2); + EXPECT_EQ(1, ret); + EXPECT_EQ(5, category_ids[0]->category_id); + EXPECT_EQ(NULL, category_ids[1]); + + category_ids[0] = NULL; +} + +TEST(TM, ExDataTunnelCatalog) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_CATALOG + tunnel_id tunnel_name tunnel_type composition is_valid + "977\t1.1.1.1-1.1.1.1\tGTP\t1367\t1", + "978\t1.1.1.1-1.1.1.1\tGTP\t1367&1605\t1" + **************************************************************************************************************************/ + struct tunnel_catalog *t_catalog[3] = {0}; + unsigned long long bool_id_array[2] = {1367, 1605}; + size_t n_bool_id_array = 2; + int ret = maat_bool_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_CATALOG].id, (unsigned long long *)bool_id_array, n_bool_id_array, (void **)(&t_catalog), 3); + + EXPECT_EQ(2, ret); + EXPECT_EQ(978, t_catalog[0]->id); + EXPECT_STREQ("1.1.1.1-1.1.1.1", t_catalog[0]->name); + EXPECT_STREQ("GTP", t_catalog[0]->type); + EXPECT_STREQ("1367&1605", t_catalog[0]->composition); + + EXPECT_EQ(977, t_catalog[1]->id); + EXPECT_STREQ("1.1.1.1-1.1.1.1", t_catalog[1]->name); + EXPECT_STREQ("GTP", t_catalog[1]->type); + EXPECT_STREQ("1367", t_catalog[1]->composition); + + EXPECT_EQ(NULL, t_catalog[2]); + t_catalog[0] = NULL; + t_catalog[1] = NULL; +} + +TEST(TM, ExDataTunnelEndpoint) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_ENDPOINT + endpoint_id endpoint_group_id addr_type addr_format ip1 ip2 description is_valid + "989\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + "990\t4\t192.50.0.0\t192.50.255.255\ttest\t1" + **************************************************************************************************************************/ + struct tunnel_endpoint *all_endpoint[3] = {0}; + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("192.50.0.0"); + int ret = maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (const struct ip_addr *)&temp_addr, (void **)all_endpoint, 3); + + EXPECT_EQ(2, ret); + EXPECT_EQ(989, all_endpoint[0]->id); + EXPECT_STREQ("test", all_endpoint[0]->description); + EXPECT_EQ(990, all_endpoint[1]->id); + EXPECT_STREQ("test", all_endpoint[1]->description); + + ret = 0; + all_endpoint[0] = NULL; + all_endpoint[1] = NULL; + temp_addr.ipv4 = inet_addr("192.50.255.255"); + ret = maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (const struct ip_addr *)&temp_addr, (void **)all_endpoint, 3); + + EXPECT_EQ(2, ret); + EXPECT_EQ(989, all_endpoint[0]->id); + EXPECT_STREQ("test", all_endpoint[0]->description); + EXPECT_EQ(990, all_endpoint[1]->id); + EXPECT_STREQ("test", all_endpoint[1]->description); + + all_endpoint[0] = NULL; + all_endpoint[1] = NULL; +} + +TEST(TM, ExDataTunnelLabel) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_LABEL + label_id label_group_id label is_valid + "15560\t15560\tVLAN_ID\t1", + "15561\t15561\tVLAN_ID\t1" + **************************************************************************************************************************/ + void *label_id = maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_LABEL].id, "VLAN_ID"); + EXPECT_EQ(0, (long long)label_id); +} + +TEST(TM, ExDataSubscriberID) +{ + /************************************************************************************************************************* + table name: TSG_DYN_SUBSCRIBER_IP + id addr_type ip subscriber_id is_valid + "1299\t4\t192.168.56.28\ttest5628\t1", + "1300\t4\t192.168.56.28\ttest5627\t1" + **************************************************************************************************************************/ + struct subscribe_id_info *subscribe_id = (struct subscribe_id_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SUBSCRIBER_IP2ID].id, "192.168.56.28"); + EXPECT_STREQ("test5628", subscribe_id->subscribe_id); + + subscribe_id = (struct subscribe_id_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SUBSCRIBER_IP2ID].id, "192.168.56.27"); + EXPECT_STREQ("test5627", subscribe_id->subscribe_id); + + subscribe_id = (struct subscribe_id_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SUBSCRIBER_IP2ID].id, "192.168.56.26"); + EXPECT_EQ(NULL, subscribe_id); +} + +TEST(TM, ExDataDNSRecordsProfileA) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_DNS_RECORDS + record_id record_name record_type record_values is_valid + "8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1", + "7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1", + "7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1" + **************************************************************************************************************************/ + long long profile_id = 8119; + struct dns_profile_records *profile_records = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + EXPECT_EQ(8119, profile_records->record_id); + EXPECT_EQ(1, profile_records->answer_type); + EXPECT_EQ(3, profile_records->record_num); + + EXPECT_EQ(1, profile_records->record_val[0].answer_type); + EXPECT_EQ(4, profile_records->record_val[0].len); + EXPECT_EQ(0, profile_records->record_val[0].selected_flag); + EXPECT_EQ(inet_addr("1.1.1.1"), profile_records->record_val[0].v4_addr.s_addr); + + EXPECT_EQ(1, profile_records->record_val[1].answer_type); + EXPECT_EQ(4, profile_records->record_val[1].len); + EXPECT_EQ(0, profile_records->record_val[1].selected_flag); + EXPECT_EQ(inet_addr("2.2.2.2"), profile_records->record_val[1].v4_addr.s_addr); + + EXPECT_EQ(1, profile_records->record_val[2].answer_type); + EXPECT_EQ(4, profile_records->record_val[2].len); + EXPECT_EQ(0, profile_records->record_val[2].selected_flag); + EXPECT_EQ(inet_addr("3.3.3.3"), profile_records->record_val[2].v4_addr.s_addr); + + profile_id = 8110; + profile_records = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + EXPECT_EQ(NULL, profile_records); +} + +TEST(TM, ExDataDNSRecordsProfileAAAA) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_DNS_RECORDS + record_id record_name record_type record_values is_valid + "8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1", + "7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1", + "7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1" + **************************************************************************************************************************/ + long long profile_id = 7961; + uint8_t u6_addr8[16] = {0}; + struct dns_profile_records *profile_records = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + EXPECT_EQ(7961, profile_records->record_id); + EXPECT_EQ(28, profile_records->answer_type); + EXPECT_EQ(2, profile_records->record_num); + + EXPECT_EQ(28, profile_records->record_val[0].answer_type); + EXPECT_EQ(16, profile_records->record_val[0].len); + EXPECT_EQ(0, profile_records->record_val[0].selected_flag); + inet_pton(AF_INET6, "1030::C9B4:FF12:48AA:1A2B", u6_addr8); + EXPECT_EQ(0, memcmp(u6_addr8, profile_records->record_val[0].v6_addr.__in6_u.__u6_addr8, 16)); + + EXPECT_EQ(28, profile_records->record_val[1].answer_type); + EXPECT_EQ(16, profile_records->record_val[1].len); + EXPECT_EQ(0, profile_records->record_val[1].selected_flag); + inet_pton(AF_INET6, "1030::C9B4:FF12:48AA:1A2C", u6_addr8); + EXPECT_EQ(0, memcmp(u6_addr8, profile_records->record_val[1].v6_addr.__in6_u.__u6_addr8, 16)); + + profile_id = 8110; + profile_records = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + EXPECT_EQ(NULL, profile_records); +} + +TEST(TM, ExDataDNSRecordsProfileCNAME) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_DNS_RECORDS + record_id record_name record_type record_values is_valid + "8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1", + "7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1", + "7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1" + **************************************************************************************************************************/ + long long profile_id = 7701; + struct dns_profile_records *profile_records = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + EXPECT_EQ(7701, profile_records->record_id); + EXPECT_EQ(5, profile_records->answer_type); + EXPECT_EQ(2, profile_records->record_num); + + EXPECT_EQ(5, profile_records->record_val[0].answer_type); + EXPECT_EQ(strlen("www.facebook.com"), profile_records->record_val[0].len); + EXPECT_EQ(0, profile_records->record_val[0].selected_flag); + EXPECT_STREQ("www.facebook.com", profile_records->record_val[0].cname); + + EXPECT_EQ(5, profile_records->record_val[1].answer_type); + EXPECT_EQ(strlen("www.twitter.com"), profile_records->record_val[1].len); + EXPECT_EQ(0, profile_records->record_val[1].selected_flag); + EXPECT_STREQ("www.twitter.com", profile_records->record_val[1].cname); + + profile_id = 8110; + profile_records = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + EXPECT_EQ(NULL, profile_records); +} + +TEST(TM, ExDataResponsePagesProfile) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_RESPONSE_PAGES + profile_id profile_name format path is_valid + "957\ttest-html-1\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.1\t1", + "958\ttest-html-2\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.2\t1" + **************************************************************************************************************************/ + long long profile_id = 957; + struct http_response_pages *response_pages = (struct http_response_pages *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (const char *)&profile_id); + EXPECT_EQ(957, response_pages->profile_id); + EXPECT_EQ(HTTP_RESPONSE_FORMAT_HTML, response_pages->format); + EXPECT_EQ(strlen("test1"), response_pages->content_len); + EXPECT_STREQ("test1", response_pages->content); + + profile_id = 958; + response_pages = (struct http_response_pages *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (const char *)&profile_id); + EXPECT_EQ(958, response_pages->profile_id); + EXPECT_EQ(HTTP_RESPONSE_FORMAT_HTML, response_pages->format); + EXPECT_EQ(strlen("test2"), response_pages->content_len); + EXPECT_STREQ("test2", response_pages->content); + + profile_id = 959; + response_pages = (struct http_response_pages *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (const char *)&profile_id); + EXPECT_EQ(NULL, response_pages); +} + +TEST(TM, ExDataTrafficMirrorProfile) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_TRAFFIC_MIRROR + profile_id profile_name vlan_ids is_valid + "845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1", + "123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1" + **************************************************************************************************************************/ + long long profile_id = 845; + struct traffic_mirror_profile *mirror_profile = (struct traffic_mirror_profile *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_PROFILE_MIRROR].id, (const char *)&(profile_id)); + EXPECT_EQ(845, mirror_profile->profile_id); + EXPECT_EQ(32, mirror_profile->vlan.num); + for (int i = 0; i < 32; i++) + { + EXPECT_EQ(i + 3, mirror_profile->vlan.id[i]); + } + + profile_id = 123; + mirror_profile = (struct traffic_mirror_profile *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_PROFILE_MIRROR].id, (const char *)&(profile_id)); + EXPECT_EQ(123, mirror_profile->profile_id); + EXPECT_EQ(1, mirror_profile->vlan.num); + EXPECT_EQ(66, mirror_profile->vlan.id[0]); + + profile_id = 124; + mirror_profile = (struct traffic_mirror_profile *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_PROFILE_MIRROR].id, (const char *)&(profile_id)); + EXPECT_EQ(NULL, mirror_profile); +} + +TEST(TM, ExDataSessionRecordEnable) +{ + /************************************************************************************************************************* + table name: T_VSYS_INFO + id is_enable_session_record is_valid + "6\t1\t1" + **************************************************************************************************************************/ + EXPECT_EQ(g_tsg_maat_rt_para.session_record_switch, 1); +} + +TEST(TMAPI, GetUmtsUserInfoFromRedis) +{ + /****************************************************************************************************** + table name: TSG_DYN_MOBILE_IDENTITY_APN_TEID + id teid imsi phone_number apn imei is_valid + "1\t111039813\t460045157065560\t861440152009856\tcmiott.gxqli.mcto60g.com\t8626070583075127\t1", + "2\t111052899\t460045157053102\t861440152041083\tcmiott.wkctf.mcto60g.com\t8626070583008402\t1" + ******************************************************************************************************/ + + long long teid = 111039813; + struct umts_user_info *user_info = (struct umts_user_info *)tsg_get_umts_user_info_form_redis(g_tsg_maat_feather, teid); + struct umts_user_info *user_info_right = (struct umts_user_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_GTP_IP2SIGNALING].id, (const char *)&teid); + EXPECT_EQ(user_info, user_info_right); + + teid = 111052899; + user_info = (struct umts_user_info *)tsg_get_umts_user_info_form_redis(g_tsg_maat_feather, teid); + user_info_right = (struct umts_user_info *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_GTP_IP2SIGNALING].id, (const char *)&teid); + EXPECT_EQ(user_info, user_info_right); + + user_info = NULL; + user_info_right = NULL; +} + +TEST(TMAPI, GetAppIdDictUnknown) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1" + **************************************************************************************************************************/ + long long ll_app_id = 4; + struct app_id_dict *dict_right = (struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + struct app_id_dict *dict = (struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, ll_app_id); + EXPECT_EQ(dict_right, dict); + + dict_right = NULL; + dict = NULL; +} + +TEST(TMAPI, GetAppIdDictDenyActionDrop) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t1", + **************************************************************************************************************************/ + long long ll_app_id = 67; + struct app_id_dict *dict_right = (struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + struct app_id_dict *dict = (struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, ll_app_id); + EXPECT_EQ(dict_right, dict); + + dict_right = NULL; + dict = NULL; +} + +TEST(TMAPI, GetAppIdDictDenyActionRatelimit) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\","bps":1000}\t0\t0\t0\t0\t0\t1", + **************************************************************************************************************************/ + long long ll_app_id = 68; + struct app_id_dict *dict_right = (struct app_id_dict *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&ll_app_id); + struct app_id_dict *dict = (struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, ll_app_id); + EXPECT_EQ(dict_right, dict); + + dict_right = NULL; + dict = NULL; +} + +TEST(TMAPI, GetAppNameByIdIllegalPara) +{ + // int tsg_get_app_name_by_id(int app_id, char *app_name, int app_name_len, int is_joint_parent) + char app_name[128] = {0}; + EXPECT_EQ(0, tsg_get_app_name_by_id(g_tsg_maat_feather, 0, app_name, 128, 1)); + EXPECT_EQ(0, tsg_get_app_name_by_id(g_tsg_maat_feather, 68, NULL, 128, 1)); + EXPECT_EQ(0, tsg_get_app_name_by_id(g_tsg_maat_feather, 68, app_name, 0, 1)); +} + +TEST(TMAPI, GetAppNameByIdParentAppId0) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\","bps":1000}\t0\t0\t0\t0\t0\t1", + **************************************************************************************************************************/ + int app_id = 68; + char app_name[128] = {0}; + EXPECT_EQ(0, tsg_get_app_name_by_id(g_tsg_maat_feather, app_id, app_name, 2, 1)); + EXPECT_EQ(strlen("https"), tsg_get_app_name_by_id(g_tsg_maat_feather, app_id, app_name, 128, 1)); +} + +TEST(TMAPI, GetAppNameByIdParentAppId1) +{ + /************************************************************************************************************************* + table name: APP_ID_DICT + app_id app_name parent_app_id parent_app_name category subcategory technology risk characteristics depends_on_app_ids implicitly_uses_app_ids deny_action continue_scanning tcp_timeout udp_timeout tcp_half_close tcp_time_wait is_valid + "70\thttps\t1\tssl\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\","bps":1000}\t0\t0\t0\t0\t0\t1", + **************************************************************************************************************************/ + int app_id = 70; + char app_name[128] = {0}; + EXPECT_EQ(0, tsg_get_app_name_by_id(g_tsg_maat_feather, app_id, app_name, 2, 1)); + EXPECT_EQ(strlen("ssl.https"), tsg_get_app_name_by_id(g_tsg_maat_feather, app_id, app_name, 128, 1)); +} + +TEST(TMAPI, GetLocationInfoLocationBuiltIn) +{ + /************************************************************************************************************************* + table name: TSG_IP_LOCATION_BUILT_IN + location_id geoname_id addr_type start_ip end_ip latitude longitude coords language continent_abbr continent_full country_abbr country_full province_abbr province_full city_full subdivision_addr time_zone is_valid + "6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1", + "3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1" + **************************************************************************************************************************/ + struct streaminfo a_stream = {0}; + struct stream_tuple4_v4 tuple4_v4 = {0}; + struct location_info *client_location = NULL, *server_location = NULL; + tuple4_v4.daddr = inet_addr("124.156.128.2"); + tuple4_v4.saddr = inet_addr("192.168.50.3"); + a_stream.addr.addrtype = ADDR_TYPE_IPV4; + a_stream.addr.tuple4_v4 = &tuple4_v4; + srt_attribute_set_ip_location(&a_stream, g_tsg_maat_feather, &client_location, &server_location); + + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("124.156.128.1"); + struct location_info *location = NULL; + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &temp_addr, (void **)&location, 1); + EXPECT_EQ(server_location, location); + + temp_addr.ipv4 = inet_addr("192.168.50.2"); + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &temp_addr, (void **)&location, 1); + EXPECT_EQ(client_location, location); + + location = NULL; + client_location = NULL; + server_location = NULL; + tuple4_v4.daddr = inet_addr("124.156.127.1"); + tuple4_v4.saddr = inet_addr("192.168.49.1"); + a_stream.addr.tuple4_v4 = &tuple4_v4; + srt_attribute_set_ip_location(&a_stream, g_tsg_maat_feather, &client_location, &server_location); + EXPECT_EQ(NULL, server_location); + EXPECT_EQ(NULL, client_location); +} + +TEST(TMAPI, GetLocationInfoLocationUserDefine) +{ + /************************************************************************************************************************* + table name: TSG_IP_LOCATION_USER_DEFINED + location_id geoname_id addr_type start_ip end_ip latitude longitude coords language continent_abbr continent_full country_abbr country_full province_abbr province_full city_full subdivision_addr time_zone is_valid + "371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1" + **************************************************************************************************************************/ + struct streaminfo a_stream = {0}; + struct stream_tuple4_v4 tuple4_v4 = {0}; + struct location_info *client_location = NULL, *server_location = NULL; + tuple4_v4.saddr = inet_addr("192.168.50.11"); + tuple4_v4.daddr = inet_addr("192.168.50.12"); + a_stream.addr.addrtype = ADDR_TYPE_IPV4; + a_stream.addr.tuple4_v4 = &tuple4_v4; + srt_attribute_set_ip_location(&a_stream, g_tsg_maat_feather, &client_location, &server_location); + + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("192.168.50.11"); + struct location_info *location = NULL; + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_USER_DEFINED].id, &temp_addr, (void **)&location, 1); + EXPECT_EQ(client_location, location); + EXPECT_EQ(server_location, location); +} + +TEST(TMAPI, GetLocationInfoBoth) +{ + /************************************************************************************************************************* + table name: TSG_IP_LOCATION_USER_DEFINED + location_id geoname_id addr_type start_ip end_ip latitude longitude coords language continent_abbr continent_full country_abbr country_full province_abbr province_full city_full subdivision_addr time_zone is_valid + "371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1" + **************************************************************************************************************************/ + /************************************************************************************************************************* + table name: TSG_IP_LOCATION_BUILT_IN + location_id geoname_id addr_type start_ip end_ip latitude longitude coords language continent_abbr continent_full country_abbr country_full province_abbr province_full city_full subdivision_addr time_zone is_valid + "6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1", + "3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1" + **************************************************************************************************************************/ + struct streaminfo a_stream = {0}; + struct stream_tuple4_v4 tuple4_v4 = {0}; + struct location_info *client_location = NULL, *server_location = NULL; + tuple4_v4.saddr = inet_addr("124.156.128.11"); + tuple4_v4.daddr = inet_addr("192.168.50.12"); + a_stream.addr.addrtype = ADDR_TYPE_IPV4; + a_stream.addr.tuple4_v4 = &tuple4_v4; + srt_attribute_set_ip_location(&a_stream, g_tsg_maat_feather, &client_location, &server_location); // find in MAAT_PLUGIN_LOCATION_USER_DEFINED + + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("192.168.50.11"); + struct location_info *location = NULL; + maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_LOCATION_BUILT_IN].id, &temp_addr, (void **)&location, 1); + EXPECT_NE(server_location, client_location); + EXPECT_NE(client_location, location); + EXPECT_NE(server_location, location); +} + +TEST(TMAPI, GetFQDNCategoryIdUserDefine) +{ + /************************************************************************************************************************* + table name: TSG_FQDN_CATEGORY_USER_DEFINED + id category_id fqdn match_method(0=complete,1=suf) is_valid + "1106285683\t6\t1106285683.201198.com\t1\t1", + "1106285684\t7\t1106285684.201198.com\t1\t1" + "1106285685\t7\t1106285684.201198.com\t1\t1" + **************************************************************************************************************************/ + unsigned int category_ids[3] = {0}; + int ret = tsg_get_fqdn_category_ids(g_tsg_maat_feather, (char *)"1106285683.201198.com", category_ids, MAX_CATEGORY_ID_NUM); + EXPECT_EQ(1, ret); + EXPECT_EQ(6, category_ids[0]); + + category_ids[0] = 0; + ret = 0; + ret = tsg_get_fqdn_category_ids(g_tsg_maat_feather, (char *)"1106285684.201198.com", category_ids, MAX_CATEGORY_ID_NUM); // get_fqdn_category_id 去重 + EXPECT_EQ(1, ret); + EXPECT_EQ(7, category_ids[0]); + EXPECT_EQ(0, category_ids[1]); +} + +TEST(TMAPI, GetFQDNCategoryIdBuiltIn) +{ + /************************************************************************************************************************* + table name: TSG_FQDN_CATEGORY_BUILT_IN + id category_id fqdn match_method(0=complete,1=suf) is_valid + "106285688\t8\t106285688.201198.com\t1\t1", + "106285689\t9\t106285689.201198.com\t1\t1" + "106285690\t9\t106285689.201198.com\t1\t1" + "106285691\t10\t1106285683.201198.com\t1\t1" + **************************************************************************************************************************/ + unsigned int category_ids[3] = {0}; + int ret = tsg_get_fqdn_category_ids(g_tsg_maat_feather, (char *)"106285688.201198.com", category_ids, MAX_CATEGORY_ID_NUM); + EXPECT_EQ(1, ret); + EXPECT_EQ(8, category_ids[0]); + + category_ids[0] = 0; + ret = 0; + ret = tsg_get_fqdn_category_ids(g_tsg_maat_feather, (char *)"106285689.201198.com", category_ids, MAX_CATEGORY_ID_NUM); // get_fqdn_category_id 去重 + EXPECT_EQ(1, ret); + EXPECT_EQ(9, category_ids[0]); + EXPECT_EQ(0, category_ids[1]); +} + +TEST(TMAPI, GetFQDNCategoryIdBoth) +{ + /************************************************************************************************************************* + table name: TSG_FQDN_CATEGORY_BUILT_IN + id category_id fqdn match_method(0=complete,1=suf) is_valid + "106285691\t10\t1106285683.201198.com\t1\t1" + + table name: TSG_FQDN_CATEGORY_USER_DEFINED + id category_id fqdn match_method(0=complete,1=suf) is_valid + "1106285683\t6\t1106285683.201198.com\t1\t1", + **************************************************************************************************************************/ + unsigned int category_ids[3] = {0}; + int ret = tsg_get_fqdn_category_ids(g_tsg_maat_feather, (char *)"1106285683.201198.com", category_ids, MAX_CATEGORY_ID_NUM); // 优先get TSG_FQDN_CATEGORY_USER_DEFINED + EXPECT_EQ(1, ret); + EXPECT_EQ(6, category_ids[0]); + EXPECT_EQ(0, category_ids[1]); +} + +TEST(TMAPI, ScanTunnelId) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_CATALOG + tunnel_id tunnel_name tunnel_type composition is_valid + "977\t1.1.1.1-1.1.1.1\tGTP\t1367\t1", + "978\t1.1.1.1-1.1.1.1\tGTP\t1367&1605\t1" + **************************************************************************************************************************/ + + // tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat_rule *results, size_t n_results, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array) + long long bool_id_array[2] = {1367, 1605}; + size_t n_bool_id_array = 2, n_results = 2; + struct streaminfo a_stream = {0}; + struct maat_rule results[2] = {0}; + struct maat_state *s_mid = maat_state_new(g_tsg_maat_feather, 0); + int ret = tsg_scan_tunnel_id(&a_stream, g_tsg_maat_feather, results, n_results, s_mid, bool_id_array, n_bool_id_array); + + EXPECT_EQ(2, ret); + EXPECT_EQ(4, results[0].rule_id); + EXPECT_EQ(16, results[0].action); + EXPECT_EQ(0, results[0].service_id); + EXPECT_EQ(1, results[0].do_log); + + EXPECT_EQ(3, results[1].rule_id); + EXPECT_EQ(1, results[1].action); + EXPECT_EQ(0, results[1].service_id); + EXPECT_EQ(1, results[1].do_log); + maat_state_free(s_mid); + s_mid=NULL; +} + +extern int tsg_get_endpoint_id(const struct streaminfo *a_stream, struct maat *feather, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint, long long *endpoint_id_array, int endpoint_id_array_num); +TEST(TMAPI, GetEndPointId) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_ENDPOINT + endpoint_id endpoint_group_id addr_type addr_format ip1 ip2 description is_valid + "991\t4\t192.40.128.0\t192.40.255.255\ttest\t1", + "992\t4\t192.40.0.0\t192.40.127.255\ttest\t1" + **************************************************************************************************************************/ + + // int tsg_get_endpoint_id(const struct streaminfo *a_stream, struct maat *feather, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint, long long *endpoint_id_array, int endpoint_id_array_num) + long long endpoint_id_array[128] = {0}; + int endpoint_id_array_num = 128; + struct streaminfo a_stream = {0}; + struct stream_tuple4_v4 tuple4_v4 = {0}; + struct tunnel_endpoint *client_endpoint = NULL, *server_endpoint = NULL; + tuple4_v4.daddr = inet_addr("192.40.128.1"); + tuple4_v4.saddr = inet_addr("192.40.0.1"); + a_stream.addr.addrtype = ADDR_TYPE_IPV4; + a_stream.addr.tuple4_v4 = &tuple4_v4; + + int ret = tsg_get_endpoint_id(&a_stream, g_tsg_maat_feather, &client_endpoint, &server_endpoint, endpoint_id_array, endpoint_id_array_num); + EXPECT_EQ(2, ret); + EXPECT_EQ(992, endpoint_id_array[0]); + EXPECT_EQ(991, endpoint_id_array[1]); + + ret = 0; + struct tunnel_endpoint *all_endpoint[2] = {0}; + struct ip_addr temp_addr = {0}; + temp_addr.ip_type = 4; + temp_addr.ipv4 = inet_addr("192.40.128.1"); + ret = maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (const struct ip_addr *)&temp_addr, (void **)all_endpoint, 2); + + EXPECT_EQ(1, ret); + EXPECT_EQ(server_endpoint, all_endpoint[0]); + + ret = 0; + all_endpoint[0] = NULL; + all_endpoint[1] = NULL; + temp_addr.ipv4 = inet_addr("192.40.0.1"); + ret = maat_ip_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_ENDPOINT].id, (const struct ip_addr *)&temp_addr, (void **)all_endpoint, 2); + + EXPECT_EQ(1, ret); + EXPECT_EQ(client_endpoint, all_endpoint[0]); + + all_endpoint[0] = NULL; + all_endpoint[1] = NULL; +} + +TEST(TMAPI, GetEndPointIdMultipleTunnelEndpoint) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_ENDPOINT + endpoint_id endpoint_group_id addr_type addr_format ip1 ip2 description is_valid + "989\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + "990\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + "992\t4\t192.40.0.0\t192.40.127.255\ttest\t1" + **************************************************************************************************************************/ + + // int tsg_get_endpoint_id(const struct streaminfo *a_stream, struct maat *feather, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint, long long *endpoint_id_array, int endpoint_id_array_num) + long long endpoint_id_array[128] = {0}; + int endpoint_id_array_num = 128; + struct streaminfo a_stream = {0}; + struct stream_tuple4_v4 tuple4_v4 = {0}; + struct tunnel_endpoint *client_endpoint = NULL, *server_endpoint = NULL; + tuple4_v4.daddr = inet_addr("192.50.128.1"); + tuple4_v4.saddr = inet_addr("192.40.0.1"); + a_stream.addr.addrtype = ADDR_TYPE_IPV4; + a_stream.addr.tuple4_v4 = &tuple4_v4; + + int ret = tsg_get_endpoint_id(&a_stream, g_tsg_maat_feather, &client_endpoint, &server_endpoint, endpoint_id_array, endpoint_id_array_num); + EXPECT_EQ(3, ret); + EXPECT_EQ(992, endpoint_id_array[0]); + EXPECT_EQ(989, endpoint_id_array[1]); + EXPECT_EQ(990, endpoint_id_array[2]); + + EXPECT_EQ(992, client_endpoint->id); + EXPECT_EQ(990, server_endpoint->id); +} + +TEST(TMAPI, GetEndPointIdSourceIpEqualToDestIp) // 也可能在一个网段,是否可以两个不同的endpoint_id拥有相同的网段;是否有可能源ip和目的ip同时可以处于一个endpoint的网段;endpoint_id_array是否可能重复 +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_ENDPOINT + endpoint_id endpoint_group_id addr_type addr_format ip1 ip2 description is_valid + "989\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + "990\t4\t192.50.0.0\t192.50.255.255\ttest\t1", + **************************************************************************************************************************/ + + // int tsg_get_endpoint_id(const struct streaminfo *a_stream, struct maat *feather, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint, long long *endpoint_id_array, int endpoint_id_array_num) + long long endpoint_id_array[128] = {0}; + int endpoint_id_array_num = 128; + struct streaminfo a_stream = {0}; + struct stream_tuple4_v4 tuple4_v4 = {0}; + struct tunnel_endpoint *client_endpoint = NULL, *server_endpoint = NULL; + tuple4_v4.daddr = inet_addr("192.50.128.1"); + tuple4_v4.saddr = inet_addr("192.50.0.1"); + a_stream.addr.addrtype = ADDR_TYPE_IPV4; + a_stream.addr.tuple4_v4 = &tuple4_v4; + + int ret = tsg_get_endpoint_id(&a_stream, g_tsg_maat_feather, &client_endpoint, &server_endpoint, endpoint_id_array, endpoint_id_array_num); + EXPECT_EQ(4, ret); + EXPECT_EQ(989, endpoint_id_array[0]); + EXPECT_EQ(990, endpoint_id_array[1]); + EXPECT_EQ(989, endpoint_id_array[2]); + EXPECT_EQ(990, endpoint_id_array[3]); + + EXPECT_EQ(990, client_endpoint->id); + EXPECT_EQ(990, server_endpoint->id); +} + +extern int tsg_get_vlan_label_id(struct maat *feather, struct single_layer_vlan_addr *vlan_array, int vlan_array_num, long long *label_id_array, int label_id_array_num); +TEST(TMAPI, GetVlanLabelIdIllegalPara) +{ + // int tsg_get_vlan_label_id(struct maat *feather, struct single_layer_vlan_addr *vlan_array, int vlan_array_num, long long *label_id_array, int label_id_array_num) + struct single_layer_vlan_addr vlan_array[2] = {0}; + long long label_id_array[2] = {0}; + EXPECT_EQ(0, tsg_get_vlan_label_id(g_tsg_maat_feather, vlan_array, 2, label_id_array, 0)); + EXPECT_EQ(0, tsg_get_vlan_label_id(g_tsg_maat_feather, vlan_array, 2, NULL, 2)); + EXPECT_EQ(0, tsg_get_vlan_label_id(g_tsg_maat_feather, vlan_array, 0, label_id_array, 2)); + EXPECT_EQ(0, tsg_get_vlan_label_id(g_tsg_maat_feather, NULL, 2, label_id_array, 2)); +} + +TEST(TMAPI, GetVlanLabelIdFunction) +{ + /************************************************************************************************************************* + table name: TSG_TUNNEL_LABEL + label_id label_group_id label is_valid + "15560\t15560\tVLAN_ID\t1", + "15561\t15561\tVLAN_ID\t1" + **************************************************************************************************************************/ + // int tsg_get_vlan_label_id(struct maat *feather, struct single_layer_vlan_addr *vlan_array, int vlan_array_num, long long *label_id_array, int label_id_array_num) + EXPECT_EQ(1, 1); +} + +TEST(TMAPI, GetDNSProfileRecord) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_DNS_RECORDS + record_id record_name record_type record_values is_valid + "8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1", + "7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1", + "7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1" + **************************************************************************************************************************/ + + // void *matched_rule_cites_dns_profile_record(struct maat * feather, long long profile_id); + + long long profile_id = 8119; + struct dns_profile_records *profile_records_right = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + struct dns_profile_records *profile_records = (struct dns_profile_records *)matched_rule_cites_dns_profile_record(g_tsg_maat_feather, profile_id); + EXPECT_EQ(profile_records_right, profile_records); + + profile_records = NULL; + profile_records_right = NULL; + profile_id = 7961; + profile_records_right = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + profile_records = (struct dns_profile_records *)matched_rule_cites_dns_profile_record(g_tsg_maat_feather, profile_id); + EXPECT_TRUE(profile_records_right); + EXPECT_EQ(profile_records_right, profile_records); + + profile_records = NULL; + profile_records_right = NULL; + profile_id = 7701; + profile_records_right = (struct dns_profile_records *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_DNS_PROFILE_RECORD].id, (const char *)&profile_id); + profile_records = (struct dns_profile_records *)matched_rule_cites_dns_profile_record(g_tsg_maat_feather, profile_id); + EXPECT_TRUE(profile_records_right); + EXPECT_EQ(profile_records_right, profile_records); +} + +TEST(TMAPI, GetHttpResponsePagesProfile) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_RESPONSE_PAGES + profile_id profile_name format path is_valid + "957\ttest-html-1\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.1\t1", + "958\ttest-html-2\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.2\t1" + **************************************************************************************************************************/ + + // void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id) + long long profile_id = 957; + struct http_response_pages *response_pages_right = (struct http_response_pages *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (const char *)&profile_id); + struct http_response_pages *response_pages = (struct http_response_pages *)matched_rule_cites_http_response_pages(g_tsg_maat_feather, profile_id); + EXPECT_EQ(957, response_pages->profile_id); + EXPECT_EQ(response_pages_right, response_pages); + + profile_id = 958; + response_pages_right = (struct http_response_pages *)maat_plugin_table_get_ex_data(g_tsg_maat_feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_RESPONSE_PAGES].id, (const char *)&profile_id); + response_pages = (struct http_response_pages *)matched_rule_cites_http_response_pages(g_tsg_maat_feather, profile_id); + EXPECT_EQ(958, response_pages->profile_id); + EXPECT_EQ(response_pages_right, response_pages); +} + +TEST(TMAPI, GetSessionRecordSwitch) +{ + /************************************************************************************************************************* + table name: T_VSYS_INFO + id is_enable_session_record is_valid + "6\t1\t1" + **************************************************************************************************************************/ + EXPECT_EQ(1, tsg_session_record_switch_get()); +} + +TEST(TMAPI, NotifyPacketCaptureByPolicy) +{ + /************************************************************************************************************************* + table name: TSG_PROFILE_TRAFFIC_MIRROR + profile_id profile_name vlan_ids is_valid + "845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1", + "123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1" + **************************************************************************************************************************/ + // int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *result, int result_num, int thread_seq) +} + +TEST(TMAPI, ScanNestingAddr) +{ + // int tsg_scan_nesting_addr(const struct streaminfo *a_stream, enum TSG_PROTOCOL proto, struct maat_state **s_mid, struct maat_rule *results, size_t n_results) +} + +TEST(TMAPI, ScanAppPropertiesPolicy) +{ + // int tsg_scan_app_properties_policy(const struct streaminfo *a_stream, char *property, char *district, struct maat_state *s_mid, struct maat_rule *results, int n_results) } int main(int argc, char *argv[]) -{ - init_fs2_handle(tsg_conffile); - tsg_rule_init(tsg_conffile, g_tsg_para.logger); +{ + tsg_maat_rule_init("tsgconf/main.conf"); testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); } diff --git a/test/src/gtest_sendlog.cpp b/test/src/gtest_sendlog.cpp index e87d876..2e5b3dd 100644 --- a/test/src/gtest_sendlog.cpp +++ b/test/src/gtest_sendlog.cpp @@ -2,37 +2,128 @@ #include #include +#include "tsg_rule.h" + #include "gtest_common.h" #include -int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent) -{ - return 0; -} +struct maat *g_tsg_maat_feather; -int tsg_get_location_type(void) -{ - return 19; -} - -char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id) +char *tsg_device_tag_get(void) { return NULL; } -char get_direction_from_tcpall(const struct streaminfo *a_stream) +char *tsg_data_center_get(void) +{ + return NULL; +} + +int tsg_location_type_get(void) { return 0; } +int tsg_session_record_switch_get(void) +{ + return 0; +} + +void *session_mac_linkinfo_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_gather_app_results_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_business_data_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_session_flags_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_application_behavior_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_mirrored_and_capture_packets_exec_result_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_lua_user_defined_attribute_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_nat_c2s_linkinfo_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *session_nat_s2c_linkinfo_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +int session_matched_rules_async(const struct streaminfo * a_stream, TSG_SERVICE service, void * data) +{ + return 0; +} + +const struct matched_policy_rules *session_matched_rules_get(const struct streaminfo *a_stream, enum TSG_SERVICE service) +{ + return 0; +} + +void session_matched_rules_free(const struct streaminfo * a_stream, TSG_SERVICE service, void * data) +{ +} + +char srt_action_context_get_direction(const struct streaminfo * a_stream) +{ + return 0; +} + +int tsg_get_app_name_by_id(struct maat *feahter, int app_id, char * app_name, int app_name_len, int is_joint_parent) +{ + return 0; +} + +const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo * a_stream) +{ + return NULL; +} + +void *matched_rule_cites_security_compile(struct maat * feather, long long compile_id) +{ + return NULL; +} + +void plugin_ex_data_security_compile_free(struct maat_compile * maat_compile) +{ +} + TEST(MasterTest, SetVlan) { //int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID); //EXPECT_EQ(1, ret); } - int main(int argc, char *argv[]) { testing::InitGoogleTest(&argc, argv); diff --git a/test/src/gtest_session_state.cpp b/test/src/gtest_session_state.cpp index 23c8bcd..d2611db 100644 --- a/test/src/gtest_session_state.cpp +++ b/test/src/gtest_session_state.cpp @@ -10,7 +10,7 @@ extern int get_ctrl_pkt(char *buf, int len); struct parse_handle test_handle; -unsigned long long tsg_get_stream_id(struct streaminfo * a_stream) +unsigned long long tsg_get_stream_trace_id(const struct streaminfo * a_stream) { return 10; } @@ -131,11 +131,11 @@ TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping1) int ctrl_pkt_len = 0; memset(&policy_array, 0, sizeof(struct update_policy) * 2); policy_array[0].type = POLICY_UPDATE_SHAPING; - policy_array[0].id_num = 3; + policy_array[0].n_ids = 3; policy_array[0].ids[0] = 1; policy_array[0].ids[1] = 2; policy_array[0].ids[2] = 3; - policy_array[1].id_num = 3; + policy_array[1].n_ids = 3; policy_array[1].ids[0] = 4; policy_array[1].ids[1] = 5; policy_array[1].ids[2] = 6;